cvedb.io
CVE-2026-42171
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2026-04-24T22:16:01.540 · Last modified 2026-06-17T10:47:27.900

Summary

NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).

Affected products

nullsoft — nullsoft_scriptable_install_system

Does this affect you?

Add your gear to cvedb and we'll alert you only when nullsoft ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.