Vulnerability Details CVE-2026-22561
Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation, enabling arbitrary code execution if a malicious DLL is planted alongside the installer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.6%
CVSS Severity
CVSS v3 Score 7.8