CVE-2026-42171
7.8 HIGHNSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing ...
Published: 2026-04-24 · Last updated: 2026-05-18
Severity and scoring
- CVSS
- 7.8 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- CWE
- CWE-427
Affected products
| Vendor | Product |
|---|---|
| nullsoft | nullsoft_scriptable_install_system |
Description
NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-42171
- [Other]https://github.com/NSIS-Dev/nsis/blob/7359413009afd4f0fff472d841fc2f2cc0e0a5f8/Source/exehead/util.c#L475-L484
- [Patch]https://github.com/NSIS-Dev/nsis/commit/8e6f02205d5f22da6c7855dbfe59b2af667330ca
- [Other]https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-gettempfilename
- [Other]https://nsis.sourceforge.io/Docs/AppendixF.html#v3.12-cl
Related CVEs
Same CWE
- CVE-2026-12003 — To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build...
- CVE-2024-22451 — Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability (6.7 MEDIUM)
- CVE-2024-22447 — Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability (6.7 MEDIUM)
- CVE-2026-5064 — Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow ...
- CVE-2026-50100 — Multiple printer drivers provided by Ricoh Company, Ltd (7.8 HIGH)