Skip to main content

Rufus

3 CVEs product

Monthly

CVE-2026-23988 HIGH POC PATCH This Week

Arbitrary code execution with Administrator privileges in Rufus versions 4.11 and below due to a race condition in PowerShell script handling within the %TEMP% directory. A local attacker can replace the legitimate Fido script with malicious code between file creation and execution, since Rufus runs elevated but writes to a world-writable location without file locking. Public exploit code exists for this vulnerability, which is fixed in version 4.12_BETA.

Race Condition Rufus
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2019-1010101 CRITICAL Act Now

Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Rufus
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-1010100 HIGH This Week

Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Rufus
NVD
CVSS 3.0
7.8
EPSS
1.3%
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

Arbitrary code execution with Administrator privileges in Rufus versions 4.11 and below due to a race condition in PowerShell script handling within the %TEMP% directory. A local attacker can replace the legitimate Fido script with malicious code between file creation and execution, since Rufus runs elevated but writes to a world-writable location without file locking. Public exploit code exists for this vulnerability, which is fixed in version 4.12_BETA.

Race Condition Rufus
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Rufus
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Rufus
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy