Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks.
AnalysisAI
Local attackers with standard user credentials can escalate privileges to NT AUTHORITY\SYSTEM in NAVER MYBOX Explorer for Windows through registry manipulation. The vulnerability affects versions prior to 3.0.11.160 and stems from improper privilege checks, allowing complete system control on compromised endpoints. EPSS risk is low at 0.02% (4th percentile), indicating minimal observed exploitation probability. No active exploitation has been reported and this vulnerability is not listed in CISA KEV.
Technical ContextAI
NAVER MYBOX Explorer is a cloud storage synchronization client for Windows. The vulnerability is rooted in CWE-266 (Incorrect Privilege Assignment), where the application fails to properly validate privilege boundaries when processing registry operations. Windows registry manipulation as a privilege escalation vector typically involves exploiting writable registry keys that control service behavior, scheduled tasks, or application startup parameters that execute with elevated privileges. The improper privilege checks allow a low-privileged user to modify registry entries that are subsequently processed by a higher-privileged component of MYBOX Explorer, resulting in code execution as NT AUTHORITY\SYSTEM - the highest privilege level on Windows systems.
RemediationAI
Upgrade NAVER MYBOX Explorer to version 3.0.11.160 or later, as confirmed by NAVER's security advisory at https://cve.naver.com/detail/cve-2026-8148.html. Organizations should prioritize endpoints where multiple users share systems or where users have interactive logon rights. If immediate patching is not feasible, implement compensating controls: restrict local user privileges through Windows User Account Control (UAC) enforcement and group policy to limit interactive logon rights to trusted administrators only, though this significantly impacts usability for legitimate MYBOX users. Monitor registry access to NAVER MYBOX Explorer paths using Windows Sysmon Event ID 13 (RegistryEvent) for unexpected modifications by non-SYSTEM accounts. Consider temporarily uninstalling MYBOX Explorer on high-value targets if business continuity permits alternative cloud storage solutions during patch deployment. Note that registry monitoring may generate high event volumes in production environments.
Same weakness CWE-266 – Incorrect Privilege Assignment
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28530
GHSA-9r2v-r8jf-9prp