Anthropic claude-code up to 2.1.74 on Windows Configuration managed-settings.json untrusted search path

Summaryinfo

A vulnerability classified as problematic has been found in Anthropic claude-code up to 2.1.74 on Windows. The affected element is an unknown function of the file C:\ProgramData\ClaudeCode\managed-settings.json of the component Configuration Handler. The manipulation leads to untrusted search path. This vulnerability is listed as CVE-2026-35603. The attack must be carried out locally. There is no available exploit. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability was found in Anthropic claude-code up to 2.1.74 on Windows and classified as critical. This issue affects some unknown processing of the file C:\ProgramData\ClaudeCode\managed-settings.json of the component Configuration Handler. The manipulation with an unknown input leads to a untrusted search path vulnerability. Using CWE to declare the problem leads to CWE-426. The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable by non-administrative users by default and the ClaudeCode subdirectory was not pre-created or access-restricted, a low-privileged local user could create this directory and place a malicious configuration file that would be automatically loaded for any user launching Claude Code on the same machine. Exploiting this would have required a shared multi-user Windows system and a victim user to launch Claude Code after the malicious configuration was placed. This issue has been fixed on version 2.1.75.

The advisory is shared at github.com. The identification of this vulnerability is CVE-2026-35603 since 04/03/2026. The exploitation is known to be difficult. An attack has to be approached locally. Technical details are known, but no exploit is available. MITRE ATT&CK project uses the attack technique T1574 for this issue.

By approaching the search of inurl:C:\ProgramData\ClaudeCode\managed-settings.json it is possible to find vulnerable targets with Google Hacking.

Upgrading to version 2.1.75 eliminates this vulnerability.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Artificial Intelligence Software

Vendor

• Anthropic

Name

• claude-code

Version

• 2.1.0
• 2.1.1
• 2.1.2
• 2.1.3
• 2.1.4
• 2.1.5
• 2.1.6
• 2.1.7
• 2.1.8
• 2.1.9
• 2.1.10
• 2.1.11
• 2.1.12
• 2.1.13
• 2.1.14
• 2.1.15
• 2.1.16
• 2.1.17
• 2.1.18
• 2.1.19
• 2.1.20
• 2.1.21
• 2.1.22
• 2.1.23
• 2.1.24
• 2.1.25
• 2.1.26
• 2.1.27
• 2.1.28
• 2.1.29
• 2.1.30
• 2.1.31
• 2.1.32
• 2.1.33
• 2.1.34
• 2.1.35
• 2.1.36
• 2.1.37
• 2.1.38
• 2.1.39
• 2.1.40
• 2.1.41
• 2.1.42
• 2.1.43
• 2.1.44
• 2.1.45
• 2.1.46
• 2.1.47
• 2.1.48
• 2.1.49
• 2.1.50
• 2.1.51
• 2.1.52
• 2.1.53
• 2.1.54
• 2.1.55
• 2.1.56
• 2.1.57
• 2.1.58
• 2.1.59
• 2.1.60
• 2.1.61
• 2.1.62
• 2.1.63
• 2.1.64
• 2.1.65
• 2.1.66
• 2.1.67
• 2.1.68
• 2.1.69
• 2.1.70
• 2.1.71
• 2.1.72
• 2.1.73
• 2.1.74

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion