cvedb.io
CVE-2026-22561
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2026-03-31T16:16:28.850 · Last modified 2026-06-17T10:20:05.027

Summary

Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation, enabling arbitrary code execution if a malicious DLL is planted alongside the installer.

Affected products

anthropic — claude

Does this affect you?

Add your gear to cvedb and we'll alert you only when anthropic ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.