CVE-2026-42171 | Nullsoft Scriptable Install System up to 3.11 my_GetTempFileName uncontrolled search path

Inserito da Angelo Barbosa | Apr 25, 2026 | CVE

A vulnerability marked as problematic has been reported in Nullsoft Scriptable Install System up to 3.11. Impacted is the function my_GetTempFileName. The manipulation leads to uncontrolled search path.

This vulnerability is listed as CVE-2026-42171. The attack must be carried out locally. There is no available exploit.

It is suggested to upgrade the affected component.

CVE-2026-42171 | Nullsoft Scriptable Install System up to 3.11 my_GetTempFileName uncontrolled search path

Post correlati

CVE-2024-7838 | itsourcecode Online Food Ordering System 1.0 /addcategory.php cname sql injection

CVE-2025-53959 | JetBrains YouTrack prior 2025.2.86069/2024.3.85077/2025.1.86199 Administrative API authorization

CVE-2024-37160 | Formwork up to 1.13.0/2.0.0-beta.1 /panel/options/site cross site scripting (GHSA-5pxr-7m4j-jjc6)

CVE-2026-6126 | zhayujie chatgpt-on-wechat CowAgent 2.0.4 Administrative HTTP Endpoint missing authentication (Issue 2733)