CVE-2026-33068 | Anthropic claude-code up to 2.1.52 claude/settings.json reliance on untrusted inputs in a security decision
VulDBArchived Mar 20, 2026✓ Full text saved
A vulnerability has been found in Anthropic claude-code up to 2.1.52 and classified as critical . Affected by this vulnerability is an unknown functionality of the file claude/settings.json . This manipulation causes reliance on untrusted inputs in a security decision. This vulnerability appears as CVE-2026-33068 . The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.
Full text archived locally
✦ AI Summary· Claude Sonnet
VDB-352034 · CVE-2026-33068 · GCVE-0-2026-33068
ANTHROPIC CLAUDE-CODE UP TO 2.1.52 CLAUDE/SETTINGS.JSON RELIANCE ON UNTRUSTED INPUTS IN A SECURITY DECISION
HISTORYDIFFRELATEJSONXMLCTI
CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score
6.0 $0-$5k 1.51+
Summaryinfo
A vulnerability was found in Anthropic claude-code up to 2.1.52 and classified as critical. Affected by this issue is some unknown functionality of the file claude/settings.json. Such manipulation leads to reliance on untrusted inputs in a security decision. This vulnerability is traded as CVE-2026-33068. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.
Detailsinfo
A vulnerability was found in Anthropic claude-code up to 2.1.52. It has been rated as critical. Affected by this issue is an unknown code of the file claude/settings.json. The manipulation with an unknown input leads to a reliance on untrusted inputs in a security decision vulnerability. Using CWE to declare the problem leads to CWE-807. The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. Impacted is confidentiality, integrity, and availability. CVE summarizes:
Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set permissions.defaultMode to bypassPermissions in its committed .claude/settings.json, causing the trust dialog to be silently skipped on first open. This allowed a user to be placed into a permissive mode without seeing the trust confirmation prompt, making it easier for an attacker-controlled repository to gain tool execution without explicit user consent. This issue has been patched in version 2.1.53.
The advisory is available at github.com. This vulnerability is handled as CVE-2026-33068 since 03/17/2026. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. Successful exploitation requires user interaction by the victim. Technical details are known, but there is no available exploit.
By approaching the search of inurl:claude/settings.json it is possible to find vulnerable targets with Google Hacking.
Upgrading to version 2.1.53 eliminates this vulnerability.
Productinfo
Type
Artificial Intelligence Software
Vendor
Anthropic
Name
claude-code
Version
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.19
2.1.20
2.1.21
2.1.22
2.1.23
2.1.24
2.1.25
2.1.26
2.1.27
2.1.28
2.1.29
2.1.30
2.1.31
2.1.32
2.1.33
2.1.34
2.1.35
2.1.36
2.1.37
2.1.38
2.1.39
2.1.40
2.1.41
2.1.42
2.1.43
2.1.44
2.1.45
2.1.46
2.1.47
2.1.48
2.1.49
2.1.50
2.1.51
2.1.52
CPE 2.3info
🔒
🔒
🔒
CPE 2.2info
🔒
🔒
🔒
CVSSv4info
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Vector: 🔒
CVSSv3info
VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.0
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2info
Vector Complexity Authentication Confidentiality Integrity Availability
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploitinginfo
Class: Reliance on untrusted inputs in a security decision
CWE: CWE-807 / CWE-20
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Yes
Availability: 🔒
Status: Not defined
Google Hack: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day Unlock Unlock Unlock Unlock
Today Unlock Unlock Unlock Unlock
Threat Intelligenceinfo
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍
Countermeasuresinfo
Recommended: Upgrade
Status: 🔍
0-Day Time: 🔒
Upgrade: claude-code 2.1.53
Timelineinfo
03/17/2026 CVE reserved
03/20/2026 +3 days Advisory disclosed
03/20/2026 +0 days VulDB entry created
03/20/2026 +0 days VulDB entry last update
Sourcesinfo
Advisory: github.com
Status: Confirmed
CVE: CVE-2026-33068 (🔒)
GCVE (CVE): GCVE-0-2026-33068
GCVE (VulDB): GCVE-100-352034
Entryinfo
Created: 03/20/2026 10:06
Changes: 03/20/2026 10:06 (67)
Complete: 🔍
Cache ID: 99:8CB:101
Discussion
No comments yet. Languages: en.
Please log in to comment.
◂ PreviousOverviewNext ▸