cvedb.io
CVE-2026-4255
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2026-03-16T14:20:19.480 · Last modified 2026-06-17T10:56:18.857

Summary

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit) allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library (DLL) dependencies using the default Windows search order, which includes directories that may be writable by non-privileged users.

Because these directories can be modified by unprivileged users, an attacker can place a malicious DLL with the same name as a legitimate dependency in a directory that is searched before trusted system locations. When the application is executed, which is always with administrative privileges, the malicious DLL is loaded instead of the legitimate library.

The application does not enforce restrictions on DLL loading locations and does n

Affected products

thermalright — tr-vision_home

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.