CVE-2026-33156

Exploit

EPSS 0.01%
Veröffentlicht 20.03.2026 20:29:13
Zuletzt bearbeitet 27.03.2026 21:12:37
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32 directory, allowing arbitrary code execution in the user's context. This is especially impactful because ScreenToGif is primarily distributed as a portable application intended to be run from user-writable locations. At time of publication, there are no publicly available patches.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Screentogif ≫ Screentogif Version <= 2.42.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.018

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://github.com/NickeManarin/ScreenToGif/security/advisories/GHSA-3fmj-j696-9mg2

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-33156

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33156

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33156

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-33156