Skip to main content

Nullsoft Scriptable Install System

2 CVEs product

Monthly

CVE-2026-42171 HIGH PATCH This Week

NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).

Information Disclosure Nullsoft Scriptable Install System
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-37378 MEDIUM PATCH This Month

Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nullsoft Scriptable Install System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).

Information Disclosure Nullsoft Scriptable Install System
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nullsoft Scriptable Install System
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy