CVE-2026-35603 — MEDIUM AI Security Vulnerability

Q: What is CVE-2026-35603?

Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows

Q: Is CVE-2026-35603 actively exploited?

No confirmed active exploitation of CVE-2026-35603 has been reported, but organizations should still patch proactively.

Q: How to fix CVE-2026-35603?

Update to patched version: @anthropic-ai/claude-code 2.1.75.

Q: What is the CVSS score for CVE-2026-35603?

No CVSS score has been assigned yet.

On Windows, Claude Code loaded system-wide default configuration from `C:\ProgramData\ClaudeCode\managed-settings.json` without validating directory ownership or access permissions. Because the `ProgramData` directory is writable by non-administrative users by default and the `ClaudeCode`...

Full CISO analysis pending enrichment.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
@anthropic-ai/claude-code	npm	< 2.1.75	`2.1.75`
112.7K Pushed 7d ago 33% patched ~0d to patch Full package profile →

Do you use @anthropic-ai/claude-code? You're affected.

Severity & Risk

CVSS 3.1

N/A

EPSS

N/A

Exploitation Status

No known exploitation

Sophistication

N/A

Recommended Action

Patch available

Update @anthropic-ai/claude-code to version 2.1.75

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is CVE-2026-35603?

Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows

Is CVE-2026-35603 actively exploited?

No confirmed active exploitation of CVE-2026-35603 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-35603?

Update to patched version: @anthropic-ai/claude-code 2.1.75.

What is the CVSS score for CVE-2026-35603?

No CVSS score has been assigned yet.

Technical Details

NVD Description

On Windows, Claude Code loaded system-wide default configuration from `C:\ProgramData\ClaudeCode\managed-settings.json` without validating directory ownership or access permissions. Because the `ProgramData` directory is writable by non-administrative users by default and the `ClaudeCode` subdirectory was not pre-created or access-restricted, a low-privileged local user could create this directory and place a malicious configuration file that would be automatically loaded for any user launching Claude Code on the same machine. Exploiting this would have required a shared multi-user Windows system and a victim user to launch Claude Code after the malicious configuration was placed. Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to the latest version. Thank you to hackerone.com/edbr for reporting this issue.