CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-42171

NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.5%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2026-42171

Nullsoft » Nullsoft Scriptable Install System » Version: 3.06.1

cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:3.06.1
Nullsoft » Nullsoft Scriptable Install System » Version: 3.07

cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:3.07
Nullsoft » Nullsoft Scriptable Install System » Version: 3.08

cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:3.08
Nullsoft » Nullsoft Scriptable Install System » Version: 3.09

cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:3.09
Nullsoft » Nullsoft Scriptable Install System » Version: 3.10

cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:3.10
Nullsoft » Nullsoft Scriptable Install System » Version: 3.11

cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:3.11

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-42171

Products

Pricing

Contact Us