cvedb.io
CVE-2024-7062
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2024-07-26T12:15:03.873 · Last modified 2026-06-17T08:19:17.410

Summary

Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as the root user, such as changing permissions and ownership, obtaining a handle (file descriptor) of an arbitrary file, and terminating processes, among other operations.

Affected products

mikekazakov — nimble_commander

Does this affect you?

Add your gear to cvedb and we'll alert you only when mikekazakov ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.