{"data":{"id":"d60056ff-4f4d-46b2-87a4-106b9b8450b0","title":"CVE-2026-44470: The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side","summary":"Claude Desktop for Windows had a security flaw in versions before 1.3834.0 where the CoworkVMService component (a background service running with high system privileges) did not properly check if directories were real folders or directory junctions (shortcuts that point to other locations) before creating files in them. An attacker with basic user access could trick this service into creating files in any location on the computer, potentially allowing them to gain administrator-level control of the system.","solution":"Update Claude Desktop to version 1.3834.0 or later, which includes a fix for this vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-44470","publishedAt":"2026-05-13T16:16:58.263Z","cveId":"CVE-2026-44470","cweIds":["CWE-59","CWE-269"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude Desktop"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-13T16:16:58.263Z","capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}