CVE-2026-42171

Published
View on NVD ↗
CVSS v3
7.8
HIGH
CVSS v2
N/A
Affected
1
PROJECT

Description

NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).

NSIS-Dev/nsis
NSIS-Dev/nsis
***This is just a mirror of https://sf.net/projects/nsis -- please report issues there*** NSIS (Nullsoft Scriptable Install System) is a professional open source system to create Windows installers. It is designed to be as small and flexible as possible and is therefore very suitable for internet distribution.
GitHubGitHub
832