CVE-2026-3091

Опубликовано: 24 фев. 2026

Источник: nvd

CVSS3: 6.7

CVSS3: 7.3

EPSS Низкий

Описание

An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files and conduct denial-of-service during installation by placing a malicious DLL in advance in the same directory as the installer.

Ссылки

https://www.synology.com/en-global/security/advisory/Synology_SA_26_02
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:synology:presto_client:*:*:*:*:*:*:*:*

Версия до 2.1.3-0672 (исключая)

EPSS

Процентиль: 4%

0.00145

Низкий

6.7 Medium

CVSS3

7.3 High

CVSS3

Дефекты

CWE-427

Связанные уязвимости

GHSA-fj46-cfm8-7pc4

CVSS3: 6.7

github

4 месяца назад

An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in advance in the same directory as the installer.

EPSS

Процентиль: 4%

0.00145

Низкий

6.7 Medium

CVSS3

7.3 High

CVSS3

Дефекты

CWE-427