CVE-2026-40068 | Anthropic claude-code up to 2.1.83 claude/settings.json command injection (GHSA-q5hj-mxqh-vv77 / EUVD-2026-27502)

A vulnerability, which was classified as critical, was found in Anthropic claude-code up to 2.1.83. The impacted element is an unknown function of the file claude/settings.json. Executing a manipulation can lead to command injection.

This vulnerability appears as CVE-2026-40068. The attack may be performed from remote. There is no available exploit.

You should upgrade the affected component.VulDB Recent EntriesRead More