contentauth · scouten-adobe · Apr 9, 2026 · Apr 10, 2026 · Apr 10, 2026
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/cli/Cargo.toml b/cli/Cargo.toml
@@ -51,6 +51,9 @@ etcetera = "0.11.0"
 reqwest = { version = "0.12.4", features = ["blocking"] }
 tokio = { version = "1.44.2", features = ["rt", "rt-multi-thread"] }
 
+[target.'cfg(windows)'.dependencies]
+windows-sys = { version = "0.59", features = ["Win32_System_LibraryLoader"] }
+
 [target.'cfg(target_os = "wasi")'.dependencies]
 wasi = "0.14"
 wstd = "0.5"

diff --git a/cli/src/main.rs b/cli/src/main.rs
@@ -630,6 +630,23 @@ fn print_reader(reader: &Reader, detailed: bool, crjson: bool) -> Result<()> {
 }
 
 fn main() -> Result<()> {
+    // Harden against DLL hijacking on Windows by removing the current working
+    // directory from the DLL search path. Without this, Windows' default DLL
+    // search order includes the CWD, which allows an attacker to place a
+    // malicious DLL alongside the executable. LOAD_LIBRARY_SEARCH_DEFAULT_DIRS
+    // restricts the search to: the application directory, System32, and
+    // directories added via AddDllDirectory/SetDllDirectory — excluding the CWD.
+    // SAFETY: no invariants to uphold; the argument is a valid constant.
+    #[cfg(windows)]
+    unsafe {
+        if windows_sys::Win32::System::LibraryLoader::SetDefaultDllDirectories(
+            windows_sys::Win32::System::LibraryLoader::LOAD_LIBRARY_SEARCH_DEFAULT_DIRS,
+        ) == 0
+        {
+            bail!("Failed to set default DLL directories");
+        }
+    }
+
     let args = CliArgs::parse();
 
     // set RUST_LOG=debug to get detailed debug logging