216.73.217.80

CVE-2026-5397

· Published 15/04/2026 05:16 · Modified 15/04/2026 05:16

Labels: CVE-2026-5397 2026-04-15CVE-2026-5397CWE-427bba440f9-ef23-4224-aa62-7ac0935d18d1

Essential information

Published
15/04/2026 05:16
Modified
15/04/2026 05:16
Author
Creator
CVSS
7.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS metrics

Description

It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is placed in the installation directory of this product, there is a possibility that the malicious DLL may be executed by exploiting the product’s behavior of loading missing DLLs from the same directory as the executable during service startup.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
bba440f9-ef23-4224-aa62-7ac0935d18d1
NVD
View on NVD

Affected products (CPE)

ProductCPE
unknown / ups management application cpe:2.3:a:unknown:ups_management_application:*:*:*:*:*:*:*:*

References