CVE-2026-3091

Medium CVSS: 6.7

An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in advance in the same directory as the installer.

Vendor

Synology

Product

Presto Client

CWE

CWE-427

Yayın Tarihi

2026-02-24 03:16:03

Güncelleme

2026-03-04 02:21:20

Source Identifier

security@synology.com

KEV Date Added

Kategoriler

CWE-427 Presto Client MEDIUM Synology 2026

Referanslar

https://www.synology.com/en-global/security/advisory/Synology_SA_26_02

Benzer Kayıtlar

Medium

CVE-2025-8074

Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users…

High

CVE-2025-54159

Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows remote attack…

High

CVE-2025-54160

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in BeeDrive in Synology Bee…

High

CVE-2025-54158

Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-139…

Medium

CVE-2025-2848

A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings,…

Medium

CVE-2025-29843

A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.