Skip to main content

Hp Dock Accessory CVE-2026-7539

| EUVDEUVD-2026-39057 HIGH
Creation of Temporary File in Directory with Insecure Permissions (CWE-379)
2026-06-24 hp GHSA-fcm3-pjp2-xx9r
7.3
CVSS 4.0 · Vendor: hp
Share

Severity by source

Vendor (hp) PRIMARY
7.3 HIGH
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (hp) · only source for this CVE.

CVSS VectorVendor: hp

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

2
Patch available
Jun 24, 2026 - 22:03 EUVD
Analysis Generated
Jun 24, 2026 - 20:51 vuln.today

DescriptionCVE.org

A potential security vulnerability has been identified in the HP Accessory WMI Provider installer for some HP Docking Stations, which might allow escalation of privilege and/or arbitrary code execution. HP is releasing software updates to mitigate the potential vulnerability.

AnalysisAI

Local privilege escalation and arbitrary code execution in the HP Accessory WMI Provider installer bundled with certain HP Docking Stations allows a low-privileged local user to gain elevated (likely SYSTEM) execution. The root cause is insecure temporary-file/directory permissions used during installation (CWE-379), which an attacker can abuse to introduce or replace executable content that a privileged installer process runs. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

24 hours: Inventory all systems with HP Docking Stations and document affected WMI Provider installer versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-7539 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy