CVE-2026-22561
DLL Search-Order Hijacking in Anthropic Claude Installer Enables Privilege Escalation
Publication date: 2026-03-31
Last updated on: 2026-04-06
Assigner: HackerOne
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anthropic | claude | to 1.1.3363 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves uncontrolled search path elements in the Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363. Specifically, after User Account Control (UAC) elevation, the installer loads DLL files from its own directory, such as profapi.dll. If a malicious DLL is placed alongside the installer, it can be loaded instead, allowing an attacker to execute arbitrary code with elevated privileges on the local system.
How can this vulnerability impact me? :
The vulnerability can lead to local privilege escalation, meaning an attacker with limited access to the system could exploit this flaw to gain higher privileges. This could allow the attacker to execute arbitrary code with elevated rights, potentially compromising the system's security and integrity.