CVE-2026-35603
Insecure Configuration Loading in Claude Code Allows Privilege Escalation
Publication date: 2026-04-17
Last updated on: 2026-04-22
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anthropic | claude_code | to 2.1.75 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-426 | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Claude Code is a coding tool that, in versions before 2.1.75 on Windows, loaded a system-wide configuration file from a location that was writable by low-privileged users. Specifically, it loaded the configuration from C:\ProgramData\ClaudeCode\managed-settings.json without checking who owned the directory or who had access permissions.
Because the ProgramData directory is writable by non-administrative users by default and the ClaudeCode subdirectory was not pre-created or restricted, a low-privileged user could create this directory and place a malicious configuration file there.
When another user launched Claude Code, the tool would automatically load this malicious configuration, potentially allowing the attacker to influence the behavior of Claude Code on that machine.
This vulnerability requires a shared multi-user Windows system and a victim user to run Claude Code after the malicious file is placed. The issue was fixed in version 2.1.75.
How can this vulnerability impact me? :
This vulnerability could allow a low-privileged local user on a shared Windows system to execute malicious configurations within Claude Code when another user runs the application.
This could lead to unauthorized code execution or manipulation of the tool's behavior, potentially compromising the security or integrity of the affected user's environment.
However, exploitation requires that multiple users share the same Windows system and that the victim user launches Claude Code after the malicious configuration is placed.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Claude Code to version 2.1.75 or later, where the issue has been fixed.
Additionally, restrict write permissions to the C:\ProgramData\ClaudeCode directory to prevent low-privileged users from creating or modifying the managed-settings.json configuration file.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the presence of a writable ClaudeCode configuration directory at C:\ProgramData\ClaudeCode and the existence of a potentially malicious managed-settings.json file placed by a low-privileged user.
To detect this vulnerability on your system, you can check if the directory C:\ProgramData\ClaudeCode exists and verify its ownership and permissions. Also, inspect the managed-settings.json file within that directory for unauthorized or suspicious content.
Suggested commands on a Windows system to detect this are:
- Check if the directory exists: `dir C:\ProgramData\ClaudeCode`
- Check directory permissions and ownership: `icacls C:\ProgramData\ClaudeCode`
- Inspect the contents of the configuration file: `type C:\ProgramData\ClaudeCode\managed-settings.json`
If the directory is writable by non-administrative users or the configuration file contains unexpected or malicious settings, the system may be vulnerable or compromised.