GHSA-5cwg-9f6j-9jvx: Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows

Claude Code on Windows had a security flaw where it loaded configuration files from a shared system directory without checking who owned that directory or had permission to change it. Since regular users could write to this directory by default, an attacker could create a malicious configuration file that would run with elevated privileges when another user launched Claude Code, allowing a local privilege escalation (unauthorized access to higher-level permissions).