CVE-2026-44470

CVSS v4.0

8.5

High

Vector

AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Claude Desktop for Windows versions prior to 1.3834.0

Description The CoworkVMService component runs as SYSTEM and fails to validate if the VM bundle directory is a legitimate directory or an NTFS directory junction before file creation. A local non-elevated user can replace the writable VM bundle directory with a junction pointing to a location of their choice, forcing the service to create a SYSTEM-owned file in an arbitrary directory. This flaw can be exploited to achieve local privilege escalation, which is the process of gaining higher-level permissions on a system than those originally assigned to the user.

Recommendations Update to version 1.3834.0.

Fix

LPE

Link Following

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59CWE-269

Related Identifiers

CVE-2026-44470

Affected Products

Claude Desktop

CVE-2026-44470

Weakness Enumeration

Related Identifiers

Affected Products

References · 4