{"data":{"id":"dc41b5b5-429b-46ad-a5d2-bc4e13ed2e53","title":"CVE-2026-22561: Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.336","summary":"CVE-2026-22561 is a vulnerability in Anthropic Claude for Windows installer (Claude Setup.exe) versions before 1.1.336 that allows local privilege escalation through DLL search-order hijacking (a technique where an attacker places a malicious library file in a directory where the installer looks for code, causing it to run the attacker's code instead of the legitimate one). After the installer gains elevated permissions, it loads DLL files from its own directory, which means an attacker can plant a malicious DLL alongside the installer to execute arbitrary code.","solution":"Update to Claude for Windows installer version 1.1.336 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-22561","publishedAt":"2026-03-31T16:16:28.850Z","cveId":"CVE-2026-22561","cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic Claude for Windows"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-03-31T16:16:28.850Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":null,"llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0010"]}}