CVE-2026-35603 | Anthropic claude-code up to 2.1.74 on Windows Configuration managed-settings.json untrusted search path (GHSA-5cwg-9f6j-9jvx)

A vulnerability described as problematic has been identified in Anthropic claude-code up to 2.1.74 on Windows. Impacted is an unknown function of the file C:ProgramDataClaudeCodemanaged-settings.json of the component Configuration Handler. Executing a manipulation can lead to untrusted search path.

This vulnerability is tracked as CVE-2026-35603. The attack is restricted to local execution. No exploit exists.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More