CVE-2026-22561 | THREATINT

Description

Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation, enabling arbitrary code execution if a malicious DLL is planted alongside the installer.

PUBLISHED Reserved 2026-01-07 | Published 2026-03-31 | Updated 2026-05-10 | Assigner hackerone

MEDIUM: 4.7CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

Product status

Default status

unaffected

Any version before 1.1.3363

affected

Credits

Kazuma Matsumoto, a security reseaercher at GMO Cybersecurity by IERAE, Inc finder

References

trust.anthropic.com/...cking-in-claude-for-windows-installer

cve.org (CVE-2026-22561)

nvd.nist.gov (CVE-2026-22561)

Download JSON