CVE-2026-22561

Medium CVSS: 4.7

Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation, enabling arbitrary code execution if a malicious DLL is planted alongside the installer.

Vendor

Anthropic

Product

Claude

CWE

CWE-427

Yayın Tarihi

2026-03-31 16:16:28

Güncelleme

2026-04-06 16:58:22

Source Identifier

support@hackerone.com

KEV Date Added

Kategoriler

CWE-427 Claude MEDIUM Anthropic 2026

Referanslar

https://trust.anthropic.com/resources?s=1cvig6ldp3zvuj1yffzr11&name=cve-2026-22561-dll-search-order-hijacking-in-claude-for-windows-installer

Benzer Kayıtlar

High

CVE-2026-33068

Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, includ…

Low

CVE-2026-25724

Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configu…

High

CVE-2026-25725

Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to p…

High

CVE-2026-25722

Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory change…

High

CVE-2026-25723

Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using p…

High

CVE-2026-24052

Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in it…