HIGHCVE-2026-42171Published Modified CNA mitre
CVE-2026-42171: NSIS (Nullsoft Scriptable Install System) 3
NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).
Metrics
- CVSS v3.1
- 7.8
- Severity
- HIGH
- Fixed in
- 3.12
- Affected Products
- 1
Fix available
3.12
Affected packages
- Nullsoft / Nullsoft Scriptable Install System< 3.12 (from 3.06.1)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H