CVE-2026-35603

Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable ...

EUVD-2026-23520

Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows...