Claude Code CLI Fixed: Configuration Loading Order Defect Resolved to Prevent Unauthorized Permission Elevation

Introduction & Vulnerability Overview Anthropic’s Claude Code CLI, a developer tool powered by advanced AI, recently exposed a critical security flaw through CVE-2026-33068 , a HIGH severity (CVSS 7.7) configuration loading order defect. This vulnerability arises from a fundamental software engineering error: the tool processes repository-specific settings—contained in the .claude/settings.json file— prior to establishing workspace trust...