Due to a bug in the startup trust dialog implementation, Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory.
Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.
Thank you to https://hackerone.com/avivdon for reporting this issue!
{
"github_reviewed_at": "2025-10-03T14:16:34Z",
"nvd_published_at": "2025-10-03T07:15:44Z",
"github_reviewed": true,
"cwe_ids": [
"CWE-94"
],
"severity": "HIGH"
}