Skip to main content

Dfir Orc

1 CVEs product

Monthly

CVE-2026-11958 HIGH PATCH This Week

Local privilege escalation in ANSSI's DFIR-ORC versions 10.2.7 and prior allows a low-privileged local user to gain administrator rights by planting a malicious DLL in C:\Windows\Temp, which the tool loads automatically when extracted and executed from that shared directory. The flaw is a classic uncontrolled search path (CWE-427) issue and was reported by INCIBE; no public exploit identified at time of analysis and the CVE is not in CISA KEV. The vendor has shipped a fix in DFIR-ORC v10.3.0, which adds ACL hardening on extraction directories.

Privilege Escalation Microsoft Dfir Orc
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.1%
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Local privilege escalation in ANSSI's DFIR-ORC versions 10.2.7 and prior allows a low-privileged local user to gain administrator rights by planting a malicious DLL in C:\Windows\Temp, which the tool loads automatically when extracted and executed from that shared directory. The flaw is a classic uncontrolled search path (CWE-427) issue and was reported by INCIBE; no public exploit identified at time of analysis and the CVE is not in CISA KEV. The vendor has shipped a fix in DFIR-ORC v10.3.0, which adds ACL hardening on extraction directories.

Privilege Escalation Microsoft Dfir Orc
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy