Anthropic Claude Desktop vulnerabilities
2 known vulnerabilities affecting anthropic/claude_desktop.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-44470P3HIGHCVSS 7.8fixed in 1.3834.02026-05-13
CVE-2026-44470 [HIGH] CWE-59 CVE-2026-44470: The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple s
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NTFS directory junction before creating files within it. A
nvd
CVE-2026-44467P3MEDIUMCVSS 6.8≥ 1.2581.0, < 1.4304.02026-05-13
CVE-2026-44467 [MEDIUM] CWE-297 CVE-2026-44467: The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple s
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in ~/.ssh/known_hosts without comparing the server's presented host key against the stored key. This allow
nvd