EUVD-2026-23197

| CVE-2026-41030 MEDIUM

2026-04-16 mitre

Information Disclosure

6.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

patch_available

Apr 16, 2026 - 07:01 EUVD

Analysis Generated

Apr 16, 2026 - 06:40 vuln.today

DescriptionNVD

In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.

AnalysisAI

ONLYOFFICE DesktopEditors versions before 9.3.0 allow local attackers to perform arbitrary file operations with SYSTEM privileges via the update service, resulting in denial of service through resource exhaustion or file manipulation. The vulnerability requires local access and operates without user interaction, making it a significant privilege-escalation risk in multi-user or compromised-account scenarios.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-23197 vulnerability details – vuln.today

Back

EUVD-2026-23197

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code