7.8

CVE-2026-42171

NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NullsoftNullsoft Scriptable Install System Version >= 3.06.1 < 3.12
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.11
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cve@mitre.org 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://nsis.sourceforge.io/Docs/AppendixF.html#v3.12-cl
Release Notes
https://github.com/NSIS-Dev/nsis/commit/8e6f02205d5f22da6c7855dbfe59b2af667330ca
Patch
https://github.com/NSIS-Dev/nsis/blob/7359413009afd4f0fff472d841fc2f2cc0e0a5f8/Source/exehead/util.c#L475-L484
Product
https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-gettempfilename
Product