Description
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NTFS directory junction before creating files within it. A local non-elevated user could replace the user-writable VM bundle directory with a directory junction pointing to an attacker-chosen location, causing the service to create a SYSTEM-owned file in an arbitrary directory. This could be leveraged for local privilege escalation. This vulnerability is fixed in 1.3834.0.
Published: 2026-05-13
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A local user can exploit a missing validation in the CoworkVMService component of Claude Desktop, which runs with SYSTEM privileges on Windows. The service fails to check whether the VM bundle directory is a legitimate path or an NTFS directory junction, allowing an attacker to replace the user‑writable directory with a junction pointing to a location of their choice. When the service creates files within the directory, those files are written with SYSTEM ownership, effectively granting the attacker SYSTEM‑level files and escalating local privileges.

Affected Systems

Anthropics Claude Desktop version 1.3834.0 and earlier on Windows systems are affected. This applies to any installation that includes the CoworkVMService component before the 1.3834.0 fix.

Risk and Exploitability

The vulnerability has a CVSS score of 8.5, indicating a high severity local privilege escalation. No EPSS data is available, and the issue is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting it has not yet been widely abused. The attack requires an authenticated local user with file‑write permissions to the VM bundle directory and no remote access. An attacker can create a directory junction pointing to an arbitrary location and cause the SYSTEM‑running service to generate files in that location, providing a path to elevate privileges to SYSTEM level.

Generated by OpenCVE AI on May 13, 2026 at 17:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Claude Desktop to version 1.3834.0 or later to apply the security fix.
  • Restrict write access to the VM bundle directory for non‑administrative users to prevent creation of directory junctions.
  • Verify that the CoworkVMService service runs with the intended privileges and consider disabling it if not needed.

Generated by OpenCVE AI on May 13, 2026 at 17:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Anthropics
Anthropics claude Code
Vendors & Products Anthropics
Anthropics claude Code

Wed, 13 May 2026 16:15:00 +0000

Type Values Removed Values Added
Description The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NTFS directory junction before creating files within it. A local non-elevated user could replace the user-writable VM bundle directory with a directory junction pointing to an attacker-chosen location, causing the service to create a SYSTEM-owned file in an arbitrary directory. This could be leveraged for local privilege escalation. This vulnerability is fixed in 1.3834.0.
Title Claude Desktop: Local Privilege Escalation via Directory Junction in CoworkVMService
Weaknesses CWE-269
CWE-59
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Anthropics Claude Code
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-13T18:37:19.139Z

Reserved: 2026-05-06T17:18:51.782Z

Link: CVE-2026-44470

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-13T16:16:58.263

Modified: 2026-05-13T16:58:40.557

Link: CVE-2026-44470

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T18:00:05Z

Weaknesses