CVE-2026-3780

Published: Apr 01, 2026 Last Modified: Apr 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,3

Source: 14984358-7092-470d-8f34-ade47a7658a2

Attack Vector: local

Attack Complexity: low

Privileges Required: low

User Interaction: required

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation.

426

Untrusted Search Path

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability Access Control

Potential Impacts:

Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Read Files Or Directories

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

https://www.foxit.com/support/security-bulletins.html

CVE-2026-3780

Description

Untrusted Search Path

Common Consequences

Applicable Platforms

Iscriviti alla newsletter