Cyber Posture

CVE-2026-40068

HighRCE

Published: 05 May 2026

Published
05 May 2026
Modified
12 May 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0017 37.8th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-40068 is a high-severity Improper Input Validation (CWE-20) vulnerability in Anthropic Claude Code. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked at the 37.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as APIs and Models.

Threat & Defense at a Glance

What attackers do: exploitation maps to Command and Scripting Interpreter (T1059) and 1 other technique.
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

PM-14 Testing, Training, and Monitoring
addresses: CWE-20

Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.

SA-11 Developer Testing and Evaluation
addresses: CWE-20

Security testing and evaluation at multiple SDLC stages directly detects missing or flawed input validation, with the required remediation process ensuring fixes are applied.

SI-10 Information Input Validation
addresses: CWE-20

Directly implements checks on information inputs to reject invalid data before processing.

SI-8 Spam Protection
addresses: CWE-20

Spam protection mechanisms perform filtering and detection on inbound/outbound messages, directly compensating for missing or weak input validation of unsolicited content.

MITRE ATT&CK Enterprise TechniquesAI

T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
attack.mitre.org →
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
attack.mitre.org →
Why these techniques?

Bypass of trust check directly enables execution of attacker-controlled hooks via command/script interpreter (T1059) after user opens malicious file/repo (T1204.002).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim…

more

had previously trusted, causing Claude Code to bypass its trust confirmation dialog and immediately execute hooks defined in `.claude/settings.json`. Exploitation requires the victim to clone the malicious repository and run Claude Code within it, and the attacker must know or guess a path the victim had already trusted. This issue has been fixed in version 2.1.84.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-20CWE-77NVD-CWE-noinfo

Affected Products

anthropic
claude code
2.1.63 — 2.1.84

AI Security AnalysisAI

AI Category
APIs and Models
Risk Domain
N/A
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: claude, claude, claude, claude

CVEs Like This One

CVE-2026-25722Same product: Anthropic Claude Code
CVE-2026-25725Same product: Anthropic Claude Code
CVE-2026-33068Same product: Anthropic Claude Code
CVE-2026-39861Same product: Anthropic Claude Code
CVE-2026-21852Same product: Anthropic Claude Code
CVE-2026-24052Same product: Anthropic Claude Code
CVE-2026-24887Same product: Anthropic Claude Code
CVE-2026-25724Same product: Anthropic Claude Code
CVE-2025-58764Same product: Anthropic Claude Code
CVE-2025-54795Same product: Anthropic Claude Code

References