CVE-2026-25676
HIGHSeverity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrator privileges.
AnalysisAI
M-Track Duo HD version 1.0.0 installer is vulnerable to DLL hijacking due to improper library search path handling, enabling local attackers to execute arbitrary code with administrator privileges. An attacker with local access and user interaction can exploit this vulnerability by placing malicious DLLs in predictable locations to gain full system compromise. No patch is currently available for this high-severity vulnerability.
Technical ContextAI
Classified as CWE-427 (Uncontrolled Search Path Element). The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrator privileges.
Affected ProductsAI
The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-427 – Uncontrolled Search Path Element
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today