cvedb.io
CVE-2022-46330
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2022-12-21T09:15:08.873 · Last modified 2026-06-17T05:11:32.550

Summary

Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.

Affected products

squirrel.windows_project — squirrel.windows

Does this affect you?

Add your gear to cvedb and we'll alert you only when squirrel.windows_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.