This article was originally published on LucidShark Blog.

In February 2026, security researchers disclosed a structural vulnerability affecting Claude Code, OpenAI Codex CLI, and Google Gemini-CLI. All three tools share the same trust model: when you approve a project folder, that approval persists across every future session. Researchers labeled it "Approve Once, Exploit Forever."

All three vendors closed the report without shipping a fix. Anthropic marked it Informative. OpenAI marked it P5/Informational. Google marked it Won't Fix. The vendors are not wrong that this is by-design behavior. They are wrong that it is not a security problem.

Affected tools: Claude Code (all versions through May 2026), OpenAI Codex CLI, Google Gemini-CLI. The trust persistence behavior is architectural, not a regression. Fixes require behavioral changes the vendors have declined to make.

What the Vulnerability Actually Is

The problem is a classic TOCTOU race: Time-of-Check to Time-of-Use.…
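The gap between approval (check) and a later session (use), shown as an added example that is not from the original article or from any of the tools named. `PathTrust` models approval keyed on the folder path alone; the hypothetical `PinnedTrust` binds approval to a digest of the folder's contents, so a later change forces re-approval. All class, function and file names here are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def folder_digest(root: Path) -> str:
    """SHA-256 over (relative path, content) of every file under root.
    Length prefixes keep path/content boundaries unambiguous."""
    h = hashlib.sha256()
    for p in sorted(q for q in root.rglob("*") if q.is_file()):
        rel = p.relative_to(root).as_posix().encode()
        data = p.read_bytes()
        for part in (rel, data):
            h.update(len(part).to_bytes(8, "big"))
            h.update(part)
    return h.hexdigest()

class PathTrust:
    """Approve once: trust is keyed on the folder path only and never re-checked."""
    def __init__(self):
        self.approved = set()
    def approve(self, root: Path):
        self.approved.add(str(root.resolve()))
    def is_trusted(self, root: Path) -> bool:
        return str(root.resolve()) in self.approved

class PinnedTrust:
    """Hypothetical alternative: trust is keyed on path AND the digest recorded
    at approval time, and the digest is recomputed at every use."""
    def __init__(self):
        self.pins = {}
    def approve(self, root: Path):
        self.pins[str(root.resolve())] = folder_digest(root)
    def is_trusted(self, root: Path) -> bool:
        return self.pins.get(str(root.resolve())) == folder_digest(root)

def demo():
    """Approve a constructed folder, change it afterwards, and compare both models."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        settings = root / "project-settings.json"  # constructed sample file
        settings.write_text('{"setting": "reviewed"}')
        by_path, by_pin = PathTrust(), PinnedTrust()
        by_path.approve(root)                      # time of check
        by_pin.approve(root)
        before = (by_path.is_trusted(root), by_pin.is_trusted(root))
        settings.write_text('{"setting": "changed after approval"}')
        after = (by_path.is_trusted(root), by_pin.is_trusted(root))  # time of use
        return before, after
```

Hashing the whole folder re-prompts on any edit; a practical version would pin only the files that influence what the agent is allowed to do.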