CVE-2026-10696 (Severity: HIGH; CNA: DEVOLUTIONS)

CVE-2026-10696: Use of an incorrectly resolved name or reference in the pinget backend

Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to cause an installed application to be correlated to an unrelated, attacker-controlled catalog package and to execute an attacker-controlled installer via a crafted catalog package whose normalized name is contained as a substring within the installed application name when a user applies the proposed update.

Metrics

  • CVSS v3.1: 7.5
  • Severity: HIGH
  • Fixed in: no fix version published
  • Affected Products: 1


HarborGuard Analysis

Synopsis

This is a name-resolution confusion vulnerability in the pinget backend of Devolutions UniGetUI versions 2026.2.1 and earlier. An attacker who is a WinGet community catalog contributor can craft a malicious catalog package whose normalized name appears as a substring within a legitimate installed application name, tricking the backend into correlating the two. When a user applies the proposed update, the attacker-controlled installer executes on the host. No fix has been published yet; HarborGuard tracks the advisory for patch availability.

HarborGuard Coverage

Detection (status: Available)

Detection of CVE-2026-10696 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built images that bundle UniGetUI or its dependencies.
Triage (status: Available)

HarborGuard is capable of scoring this CVE at 7.5 HIGH using the published CVSS v3.1 vector and weighting the finding against each environment's compliance policy. Routed findings land in the inbox of the team or individual responsible for the affected workload within each customer org.
Patch (status: Pending upstream)

Because no upstream fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment Devolutions ships a corrected release. In the meantime, customers can apply compensating controls through HarborGuard's policy engine to flag or block images containing the affected UniGetUI versions.

Exploit Conditions

  • Network reachability: Required

    The attacker delivers the malicious catalog package over the network via the WinGet community catalog, so the affected host must be able to reach that network service.

  • Authentication: Not required

    No authentication is required from the attacker; any WinGet community catalog contributor account is sufficient, and the victim-side trigger requires no credentials beyond normal user operation.

  • Victim interaction: Required

    A user must apply the proposed update surfaced by UniGetUI, making this a social-engineering vector where the attacker relies on the user accepting a routine-looking update prompt.

  • Attack complexity: Low

    Attack complexity is low: once the crafted package name is accepted into the catalog, the substring-match condition is reliably met without race conditions or special environmental tuning.
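The synopsis and the attack-complexity note above both turn on one condition: a catalog package is correlated to an installed application when its normalized name is a substring of the installed name. The block below is an added illustration, not UniGetUI code; it models that weak rule beside a strict matcher and an audit helper a defender can run over an installed-app inventory to find entries that the substring rule maps to a package from a different publisher. The normalization rule, the CatalogPackage fields and the sample names are all assumptions.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class CatalogPackage:
    package_id: str  # assumed catalog identifier, e.g. "Publisher.Name"
    name: str        # display name as submitted by the contributor
    publisher: str


def normalize(name: str) -> str:
    """Assumed normalization: lowercase and drop non-alphanumerics."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def correlate_substring(installed_name: str, catalog: list[CatalogPackage]) -> list[CatalogPackage]:
    """Weak rule: any package whose normalized name is contained in the
    installed name counts as a match, so short names over-match."""
    inst = normalize(installed_name)
    return [p for p in catalog if normalize(p.name) in inst]


def correlate_strict(installed_name: str, installed_publisher: str,
                     catalog: list[CatalogPackage]) -> list[CatalogPackage]:
    """Hardened rule: exact normalized-name equality and matching publisher."""
    inst, pub = normalize(installed_name), normalize(installed_publisher)
    return [p for p in catalog
            if normalize(p.name) == inst and normalize(p.publisher) == pub]


def ambiguous_correlations(installed: list[tuple[str, str]],
                           catalog: list[CatalogPackage]) -> dict[str, list[str]]:
    """Audit helper: for each installed (name, publisher), list catalog package ids
    that the substring rule would correlate although the publisher differs."""
    report: dict[str, list[str]] = {}
    for name, publisher in installed:
        wrong = [p.package_id for p in correlate_substring(name, catalog)
                 if normalize(p.publisher) != normalize(publisher)]
        if wrong:
            report[name] = wrong
    return report


# Constructed sample data: one legitimate package and one unrelated package
# whose short normalized name ("pad") is a substring of "notepadpro".
CATALOG = [
    CatalogPackage("Example.NotepadPro", "Notepad Pro", "Example Software"),
    CatalogPackage("Unrelated.Pad", "pad", "Unrelated Publisher"),
]
INSTALLED = [("Notepad Pro", "Example Software")]
```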

Blast Radius

  • The attacker-controlled installer executes on the victim host with the privileges of the user who accepted the update, allowing arbitrary code to run.
  • Installed software integrity is broken: the legitimate application entry is silently replaced or shadowed by attacker-controlled binaries.
  • Depending on installer payload, the attacker can establish persistence, drop additional malware, or pivot to other processes running under the same user session.
  • Availability of the affected application is disrupted if the malicious installer overwrites or corrupts the legitimate installation.

How HarborGuard Handles This

Available on HarborGuard: because no upstream patch exists for CVE-2026-10696, HarborGuard continuously re-checks the Devolutions advisory on every ingest cycle and will surface a patched-image rebuild the moment a fix version is published. Until then, customers are advised to use HarborGuard's policy engine to flag or block images containing UniGetUI at or below version 2026.2.1. Additional compensating controls worth considering include restricting outbound access from affected hosts to the WinGet community catalog endpoint via network policy, and disabling the automatic update-proposal feature in UniGetUI through feature-flag or configuration management until a fix is available. For customers who opt into auto-remediation, HarborGuard will trigger a rebuild, run regression tests, and open a PR against affected workloads as soon as an upstream fix is confirmed.

Affected packages
  • Devolutions / UniGetUI
    ≤ 2026.2.1
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H