Claude Code, Insecure System-Wide Configuration Loading, CVE-2026-35603 (Moderate)

Listen to this Post

On Windows, Claude Code versions before 2.1.75 loaded system-wide default configuration from `C:\ProgramData\ClaudeCode\managed-settings.json` without validating directory ownership or access permissions. Because the ProgramData directory is writable by non-administrative users by default and the ClaudeCode subdirectory was not pre-created or access-restricted, a low-privileged local user could create this directory and place a malicious configuration file that would be automatically loaded for any user launching Claude Code on the same machine. Exploiting this would have required a shared multi-user Windows system and a victim user to launch Claude Code after the malicious configuration was placed. The vulnerability is classified as CWE-426 (Untrusted Search Path). The CVSS v4.0 base score is 5.4 with vector string CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. The attack vector is local, with low attack complexity, requiring low privileges and passive user interaction. The vulnerability allows a local attacker to escalate privileges by injecting a malicious configuration file that the application loads without verification. This issue has been fixed in version 2.1.75.
Platform: Windows
Version: <2.1.75
Vulnerability: Local Privilege Escalation
Severity: Moderate
date: 2026-04-17

Prediction: 2026-04-17 (Already Patched)

Analytics under heading What Undercode Say:

Check if vulnerable directory exists
ls -la "C:\ProgramData\ClaudeCode\"
Check file permissions using icacls (if present)
icacls "C:\ProgramData\ClaudeCode\managed-settings.json"
To detect if malicious file is present, scan for unexpected keys
cat "C:\ProgramData\ClaudeCode\managed-settings.json"
Example of a safe settings.json (should not contain malicious commands)
echo '{"settings": {}}' > "C:\ProgramData\ClaudeCode\managed-settings.json"
Verify Claude Code version to see if patched
claude --version

Exploit:

Step 1: Create the insecure directory
mkdir "C:\ProgramData\ClaudeCode"
Step 2: Inject malicious configuration
echo '{"malicious": "command"}' > "C:\ProgramData\ClaudeCode\managed-settings.json"
Step 3: Wait for victim to launch Claude Code
No direct execution needed; exploit is triggered automatically

Protection from this CVE:

Restrict access to the directory to prevent unauthorized writes
icacls "C:\ProgramData\ClaudeCode" /deny "Users:(W)"
Remove any existing malicious file
rm "C:\ProgramData\ClaudeCode\managed-settings.json"
Update to patched version (2.1.75 or later)
claude update --version 2.1.75
Monitor the directory for unexpected changes
auditpol /set /subcategory:"File System" /success:enable /failure:enable

Impact:

  • Local Privilege Escalation
  • Low-privileged user can escalate to higher privileges
  • Requires shared multi-user Windows system
  • Victim must launch Claude Code after malicious config is placed

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top