Severity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionGitHub Advisory
Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable by non-administrative users by default and the ClaudeCode subdirectory was not pre-created or access-restricted, a low-privileged local user could create this directory and place a malicious configuration file that would be automatically loaded for any user launching Claude Code on the same machine. Exploiting this would have required a shared multi-user Windows system and a victim user to launch Claude Code after the malicious configuration was placed. This issue has been fixed on version 2.1.75.
AnalysisAI
Claude Code prior to version 2.1.75 on Windows allows low-privileged local users to execute arbitrary code by placing a malicious configuration file in an unprotected shared directory (C:\ProgramData\ClaudeCode\managed-settings.json). The vulnerability exploits the default writability of ProgramData to non-administrative users and the absence of directory ownership validation, enabling privilege escalation or lateral impact when a victim user subsequently launches the application. This requires local system access and user interaction (launching Claude Code), limiting real-world impact to shared multi-user systems.
Technical ContextAI
Claude Code is an agentic development tool that loads system-wide configuration from a fixed path in ProgramData, a shared Windows directory intended for application data accessible to all users. The root cause (CWE-426: Untrusted Search Path) stems from loading configuration without verifying that the containing directory is owned and controlled by trusted entities. By default, ProgramData allows write access to non-administrative accounts, and Claude Code did not pre-create the ClaudeCode subdirectory with restricted permissions. An attacker can create this directory and place a malicious managed-settings.json, which Claude Code then loads without ownership validation. The CVSS vector (AV:L/AC:L/PR:L) confirms this is a local privilege escalation requiring low-privilege account access and low attack complexity, though AT:P (attack timing requiring user interaction) and UI:P (user must launch the tool) constrain exploitability.
RemediationAI
The primary fix is to upgrade Claude Code to version 2.1.75 or later on all affected Windows systems. Users should ensure they run the latest version from the official Anthropics distribution channels and verify the update applies to their Windows installation. No workarounds are documented for pre-2.1.75 versions; however, as a compensating control on shared systems, administrators can manually create the C:\ProgramData\ClaudeCode directory with restricted ACLs (modifiable only by SYSTEM and Administrators) before users launch Claude Code, preventing non-administrative users from placing malicious configuration files. This control has the trade-off of requiring pre-deployment steps and ongoing verification. Alternatively, restricting write access to ProgramData itself (via Group Policy) is effective but may break other applications expecting standard ProgramData permissions. See https://github.com/anthropics/claude-code/security/advisories/GHSA-5cwg-9f6j-9jvx for patch confirmation and installation guidance.
Same weakness CWE-426 – Untrusted Search Path
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23520
GHSA-5cwg-9f6j-9jvx