NoMachine

NoMachine, a remote desktop and access software vendor, has a high-severity vulnerability (CVSS 7.1) that requires local access and low-level user privileges to exploit, causing integrity and availability damage but not compromising confidentiality. The attack is straightforward to execute once an attacker gains local system access and does not require user interaction. Security teams should monitor for privilege escalation attempts and unauthorized modifications on systems running NoMachine, particularly in environments where multiple users have local access.