Skip to main content

Bytello Share EUVDEUVD-2026-29912

| CVE-2026-44612 HIGH
Uncontrolled Search Path Element (CWE-427)
2026-05-13 jpcert GHSA-9wfr-j2f5-m367
8.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.4 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

5
Analysis Updated
May 13, 2026 - 16:01 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 13, 2026 - 15:52 vuln.today
cvss_changed
CVSS changed
May 13, 2026 - 15:52 NVD
7.8 (HIGH) 8.4 (HIGH)
Analysis Generated
May 13, 2026 - 06:31 vuln.today
CVE Published
May 13, 2026 - 05:44 nvd
HIGH 7.8

DescriptionCVE.org

Bytello Share (Windows Edition) installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer.

AnalysisAI

DLL hijacking in Bytello Share (Windows Edition) installer prior to version 5.13.0.4246 allows local attackers to execute arbitrary code with the privileges of the installing user. The installer insecurely loads DLLs from its current directory, enabling attackers who can place a malicious DLL in the same location to achieve code execution when a user runs the installer. EPSS probability is very low (0.01%, 3rd percentile) with no active exploitation identified, suggesting this requires significant local access prerequisites that limit real-world risk despite the high CVSS score.

Technical ContextAI

This vulnerability is a classic DLL search order hijacking attack (CWE-427: Uncontrolled Search Path Element). Windows applications, including installers, load DLLs at runtime by searching multiple directories in a specific order. When an application does not specify the full path to required DLLs, Windows searches the application's directory first, then system directories. The Bytello Share installer fails to use secure DLL loading practices such as specifying absolute paths or calling SetDllDirectory/SetDefaultDllSearchPaths to exclude the current directory. An attacker with write access to the installer's directory can place a malicious DLL with the same name as a legitimately-required library, causing the installer to load and execute the attacker's code instead. This affects the Windows Edition installer executable specifically, identified by CPE cpe:2.3:a:bytello:bytello_share_(windows_edition)_installer_executable prior to version 5.13.0.4246.

RemediationAI

Organizations should immediately upgrade to Bytello Share (Windows Edition) installer version 5.13.0.4246 or later, available from https://www.bytello.com/help/share/downloads. For environments managing software deployment centrally, replace all cached installer copies in distribution shares, SCCM/Intune packages, and local IT resource folders with the patched version. As a temporary mitigation for environments that cannot immediately refresh installer packages, implement these specific controls with their trade-offs: 1) Store installer executables only on administrator-controlled network shares with write permissions restricted to IT staff (prevents attacker DLL placement but requires network access during installation), 2) Verify installer digital signatures before execution and run only from read-only media or trusted download locations (adds operational overhead but prevents tampering), 3) Use Application Control policies (AppLocker/WDAC) to whitelist the legitimate installer hash and block DLL loading from user-writable directories during installation (complex policy configuration and may break legitimate installer functionality requiring testing). Note that already-installed Bytello Share software is not vulnerable - only the installation process itself is affected.

Share

EUVD-2026-29912 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy