cvedb.io
CVE-2026-5053
HIGH · CVSS 7.1
EPSS exploitation probability: 0%
Published 2026-04-11T01:16:17.757 · Last modified 2026-06-17T10:58:20.700

Summary

NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of environment variables. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of root. Was ZDI-CAN-28644.

Affected products

nomachine — nomachine

Does this affect you?

Add your gear to cvedb and we'll alert you only when nomachine ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.