diff --git a/Cargo.lock b/Cargo.lock
index 910bc166b..8d02eff8f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -657,6 +657,7 @@ dependencies = [
  "treeline",
  "url",
  "wasi 0.14.7+wasi-0.2.4",
+ "windows-sys 0.59.0",
  "wstd",
 ]
 
diff --git a/cli/Cargo.toml b/cli/Cargo.toml
index d172543af..dc4c6f592 100644
--- a/cli/Cargo.toml
+++ b/cli/Cargo.toml
@@ -51,6 +51,9 @@ etcetera = "0.11.0"
 reqwest = { version = "0.12.4", features = ["blocking"] }
 tokio = { version = "1.44.2", features = ["rt", "rt-multi-thread"] }
 
+[target.'cfg(windows)'.dependencies]
+windows-sys = { version = "0.59", features = ["Win32_System_LibraryLoader"] }
+
 [target.'cfg(target_os = "wasi")'.dependencies]
 wasi = "0.14"
 wstd = "0.5"
diff --git a/cli/src/main.rs b/cli/src/main.rs
index 53181594a..86edf084b 100644
--- a/cli/src/main.rs
+++ b/cli/src/main.rs
@@ -630,6 +630,23 @@ fn print_reader(reader: &Reader, detailed: bool, crjson: bool) -> Result<()> {
 }
 
 fn main() -> Result<()> {
+    // Harden against DLL hijacking on Windows by removing the current working
+    // directory from the DLL search path. Without this, Windows' default DLL
+    // search order includes the CWD, which allows an attacker to place a
+    // malicious DLL alongside the executable. LOAD_LIBRARY_SEARCH_DEFAULT_DIRS
+    // restricts the search to: the application directory, System32, and
+    // directories added via AddDllDirectory/SetDllDirectory — excluding the CWD.
+    // SAFETY: no invariants to uphold; the argument is a valid constant.
+    #[cfg(windows)]
+    unsafe {
+        if windows_sys::Win32::System::LibraryLoader::SetDefaultDllDirectories(
+            windows_sys::Win32::System::LibraryLoader::LOAD_LIBRARY_SEARCH_DEFAULT_DIRS,
+        ) == 0
+        {
+            bail!("Failed to set default DLL directories");
+        }
+    }
+
     let args = CliArgs::parse();
 
     // set RUST_LOG=debug to get detailed debug logging