7.8
CVE-2026-42171
- EPSS 0.21%
- Veröffentlicht 24.04.2026 21:20:35
- Zuletzt bearbeitet 18.05.2026 14:33:16
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nullsoft ≫ Nullsoft Scriptable Install System Version >= 3.06.1 < 3.12
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.11 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@mitre.org | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-427 Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
https://nsis.sourceforge.io/Docs/AppendixF.html#v3.12-cl
https://github.com/NSIS-Dev/nsis/commit/8e6f02205d5f22da6c7855dbfe59b2af667330ca
https://github.com/NSIS-Dev/nsis/blob/7359413009afd4f0fff472d841fc2f2cc0e0a5f8/Source/exehead/util.c#L475-L484
https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-gettempfilename