


Perceptive Security
SOC/SIEM Consultancy

NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain…
Published:
23 April 2026 at 22:00:00
Alert date:
24 April 2026 at 23:01:20
Source:
nvd.nist.gov
Operating Systems, Supply Chain & Dependencies
NSIS (Nullsoft Scriptable Install System) versions 3.06.1 before 3.12 contain a privilege escalation vulnerability. When NSIS executes as SYSTEM, it sometimes uses the Low IL (low integrity level) temp directory. A local attacker can exploit this to gain elevated privileges by causing the my_GetTempFileName function to return 0. This affects installations and deployments that use vulnerable NSIS versions on systems where attackers have local access.
Technical details
Affected products:
NSIS (Nullsoft Scriptable Install System)
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-42171
https://github.com/NSIS-Dev/nsis/blob/7359413009afd4f0fff472d841fc2f2cc0e0a5f8/Source/exehead/util.c#L475-L484
https://github.com/NSIS-Dev/nsis/commit/8e6f02205d5f22da6c7855dbfe59b2af667330ca
https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-gettempfilename
https://nsis.sourceforge.io/Docs/AppendixF.html#v3.12-cl
This article was created with the assistance of AI technology by Perceptive.
