CVE-2026-22561 is a vulnerability identified in the Anthropic Claude Desktop Windows installer (Claude Setup.exe) versions prior to 1.1.3363. The core issue is an uncontrolled search path element vulnerability during DLL loading after the installer elevates privileges via UAC. Specifically, the installer loads certain DLLs, such as profapi.dll, from its own directory rather than a secure system path. This behavior allows an attacker with local access to place a malicious DLL with the same name in the installer's directory. When the installer runs with elevated privileges, it loads the attacker's DLL, resulting in arbitrary code execution with elevated rights. This type of attack is known as DLL search-order hijacking and is a common vector for local privilege escalation on Windows systems. The vulnerability requires the attacker to have local access and to trick a user into running the vulnerable installer, as user interaction is necessary. The CVSS 4.0 base score is 4.7, reflecting medium severity due to the local attack vector and required user interaction, but high impact on integrity and potential confidentiality. No public exploits have been reported, and the vendor has released version 1.1.3363 to address the issue, although no direct patch links are provided in the data. This vulnerability highlights the importance of secure DLL loading practices and proper installer design to prevent privilege escalation.

If exploited, this vulnerability allows an attacker with local access to escalate privileges on a Windows system running the vulnerable Anthropic Claude Desktop installer. The attacker can execute arbitrary code with elevated privileges, potentially leading to full system compromise, unauthorized access to sensitive data, and persistence on the affected machine. This undermines system integrity and confidentiality. Although exploitation requires local access and user interaction, environments where users frequently install or update software, such as corporate endpoints or developer machines, are at risk. The vulnerability could be leveraged as part of a multi-stage attack, where initial limited access is escalated to administrative control. This risk is particularly relevant for organizations relying on Anthropic Claude Desktop for AI-related workflows, as compromised systems could lead to data leakage or disruption of AI services. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers often reverse-engineer patches to develop exploits.

Organizations should immediately update Anthropic Claude Desktop to version 1.1.3363 or later, where this vulnerability is addressed. Until updates are applied, users should avoid running the installer from untrusted directories and ensure that the installer's directory does not contain untrusted DLLs. Implement strict file system permissions on directories containing installers to prevent unauthorized file placement. Employ application whitelisting and endpoint protection solutions that can detect or block suspicious DLL loading behavior. Educate users about the risks of running installers from unknown sources and the importance of verifying installer integrity. Additionally, system administrators can monitor for unusual DLL loads or privilege escalation attempts using security event logs and endpoint detection tools. Consider isolating systems that require Anthropic Claude Desktop installations to reduce exposure. Finally, vendors should adopt secure DLL loading practices, such as using fully qualified paths or safe DLL search modes, to prevent similar vulnerabilities.