Skip to content

Secure Cyber Vulnerability Management

  • Home
  • About Us
  • Our Services
  • Privacy Policy
  • Home
  • About Us
  • Our Services
  • Privacy Policy
31/03/2026
Zero-Day Initiative

ZDI-26-248: NoMachine External Control of File Path Local Privilege Escalation Vulnerability

by Deepanshu Jha
This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-5054.
  • Next ZDI-26-249: NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
  • Previous ZDI-26-247: NoMachine External Control of File Path Arbitrary File Deletion Vulnerability

Comments are closed.

You may also like

ZDI-25-1082: (0Day) Soda PDF Desktop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required...

12/12/2025
Zero-Day Initiative

ZDI-25-313: Hewlett Packard Enterprise StoreOnce VSA determineInclusionAndExtract Server-Side Request Forgery Vulnerability

This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Authentication...

03/06/2025
Zero-Day Initiative
Secure Cyber Vulnerability Management

Secure Cyber Vulnerability Management © 2026. All Rights Reserved.