Vulnerability in Anthropics Claude-code

CVE-2026-35603

Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access p…

EPSS: 0.000 (2.0th percentile) — read the EPSS interpretation.

Affected products

Anthropics Claude-code — versions < 2.1.75

Weakness classification (CWE)

CWE-426 — Untrusted Search Path

References

https://github.com/anthropics/claude-code/security/advisories/GHSA-5cwg-9f6j-9jvx (x_refsource_CONFIRM)