Listen to this Post
On Windows, Claude Code versions before 2.1.75 loaded system-wide default configuration from `C:\ProgramData\ClaudeCode\managed-settings.json` without validating directory ownership or access permissions. Because the ProgramData directory is writable by non-administrative users by default and the ClaudeCode subdirectory was not pre-created or access-restricted, a low-privileged local user could create this directory and place a malicious configuration file that would be automatically loaded for any user launching Claude Code on the same machine. Exploiting this would have required a shared multi-user Windows system and a victim user to launch Claude Code after the malicious configuration was placed. The vulnerability is classified as CWE-426 (Untrusted Search Path). The CVSS v4.0 base score is 5.4 with vector string CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. The attack vector is local, with low attack complexity, requiring low privileges and passive user interaction. The vulnerability allows a local attacker to escalate privileges by injecting a malicious configuration file that the application loads without verification. This issue has been fixed in version 2.1.75.
Platform: Windows
Version: <2.1.75
Vulnerability: Local Privilege Escalation
Severity: Moderate
date: 2026-04-17
Prediction: 2026-04-17 (Already Patched)
Analytics under heading What Undercode Say:
Check if vulnerable directory exists
ls -la "C:\ProgramData\ClaudeCode\"
Check file permissions using icacls (if present)
icacls "C:\ProgramData\ClaudeCode\managed-settings.json"
To detect if malicious file is present, scan for unexpected keys
cat "C:\ProgramData\ClaudeCode\managed-settings.json"
Example of a safe settings.json (should not contain malicious commands)
echo '{"settings": {}}' > "C:\ProgramData\ClaudeCode\managed-settings.json"
Verify Claude Code version to see if patched
claude --version
Exploit:
Step 1: Create the insecure directory
mkdir "C:\ProgramData\ClaudeCode"
Step 2: Inject malicious configuration
echo '{"malicious": "command"}' > "C:\ProgramData\ClaudeCode\managed-settings.json"
Step 3: Wait for victim to launch Claude Code
No direct execution needed; exploit is triggered automatically
Protection from this CVE:
Restrict access to the directory to prevent unauthorized writes icacls "C:\ProgramData\ClaudeCode" /deny "Users:(W)" Remove any existing malicious file rm "C:\ProgramData\ClaudeCode\managed-settings.json" Update to patched version (2.1.75 or later) claude update --version 2.1.75 Monitor the directory for unexpected changes auditpol /set /subcategory:"File System" /success:enable /failure:enable
Impact:
- Local Privilege Escalation
- Low-privileged user can escalate to higher privileges
- Requires shared multi-user Windows system
- Victim must launch Claude Code after malicious config is placed
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

