216.73.217.172

CVE-2026-3780

· Published 01/04/2026 02:16 · Modified 01/04/2026 14:23

Labels: CVE-2026-3780 14984358-7092-470d-8f34-ade47a7658a22026-04-01CVE-2026-3780CWE-426

Essential information

Published
01/04/2026 02:16
Modified
01/04/2026 14:23
Author
Creator
CVSS
7.3 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation.

NVD status

Status
Undergoing Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
14984358-7092-470d-8f34-ade47a7658a2
NVD
View on NVD

Affected products (CPE)

ProductCPE
* / * cpe:2.3:a:*:*:*:*:*:*:*:*:*:*

References