CVE-2026-22561: Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.336
Summary
CVE-2026-22561 is a vulnerability in Anthropic Claude for Windows installer (Claude Setup.exe) versions before 1.1.336 that allows local privilege escalation through DLL search-order hijacking (a technique where an attacker places a malicious library file in a directory where the installer looks for code, causing it to run the attacker's code instead of the legitimate one). After the installer gains elevated permissions, it loads DLL files from its own directory, which means an attacker can plant a malicious DLL alongside the installer to execute arbitrary code.
Solution / Mitigation
Update to Claude for Windows installer version 1.1.336 or later.
Vulnerability Details
EPSS: 0.0%
March 31, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-22561
First tracked: March 31, 2026 at 02:07 PM
Classified by LLM (prompt v3) · confidence: 85%