Configuration file poisoning is tampering with settings files so that a program behaves in a malicious or unintended way. Many applications treat configuration data as trustworthy input, even when those files are writable by users, synced from shared locations, or copied from untrusted sources. If an attacker can alter a path, command, plugin setting, or launch target, the application may execute the wrong program, disable protections, or expose sensitive data.
This matters because configuration files often sit close to execution boundaries: they can influence shell commands, file-open actions, extension loading, or inter-process communication. In real attacks, poisoning may be used to trigger code execution, persistence, or privilege abuse without modifying the main binary. Defenders reduce the risk by locking down settings directories, validating every value before use, separating data from commands, and monitoring for unexpected changes in user-editable configuration files.
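The following added example (not code from any particular application) shows three of these defenses in a loader: refusing a settings file that other users could modify, validating the launch target against an allowlist, and returning an argument list instead of a shell string. The `editor` key, the JSON format, the allowlist contents, and the function names are assumptions made for illustration; the ownership checks assume a POSIX system.

```python
import json
import os
import stat
import tempfile

# Hypothetical allowlist of launch targets the application may execute.
ALLOWED_EDITORS = {"/usr/bin/vim", "/usr/bin/nano"}


class ConfigRejected(Exception):
    """Raised when the settings file or one of its values cannot be trusted."""


def check_not_tamperable(path):
    """Reject a file (or its parent directory) that other users could modify."""
    for target in (path, os.path.dirname(os.path.abspath(path))):
        st = os.stat(target)
        if st.st_uid != os.getuid():
            raise ConfigRejected(f"{target}: not owned by the current user")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise ConfigRejected(f"{target}: group- or world-writable")


def load_launch_argv(path, document):
    """Return an argv list for the configured editor, or raise ConfigRejected."""
    check_not_tamperable(path)
    try:
        with open(path, encoding="utf-8") as fh:
            cfg = json.load(fh)
    except ValueError as exc:
        raise ConfigRejected(f"{path}: not valid JSON") from exc
    editor = cfg.get("editor") if isinstance(cfg, dict) else None
    # Exact match on an absolute path: no PATH lookup, and no extra
    # arguments or shell syntax can ride along inside the value.
    if not isinstance(editor, str) or editor not in ALLOWED_EDITORS:
        raise ConfigRejected(f"editor {editor!r} is not an allowed launch target")
    # Data stays data: the caller passes this list to subprocess.run(argv),
    # never a string to a shell. "--" ends option parsing before the filename.
    return [editor, "--", document]


if __name__ == "__main__":
    # Constructed sample settings file in a private temporary directory.
    cfg_path = os.path.join(tempfile.mkdtemp(), "settings.json")
    with open(cfg_path, "w", encoding="utf-8") as fh:
        json.dump({"editor": "/usr/bin/nano"}, fh)
    os.chmod(cfg_path, 0o600)
    print(load_launch_argv(cfg_path, "notes.txt"))
```

A rejected file should be logged and replaced with built-in defaults rather than silently ignored, since the rejection itself is a signal of an unexpected change.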



