CWE-426

Total CVEs: 124
Critical: 10
High: 103
Avg CVSS: 7.6

Yearly Trend

2026: 16
2025: 43
2024: 28
2023: 25
2022: 7

Top Affected Vendors

1. Microsoft: 16
2. Wondershare: 8
3. Zoom: 7
4. Adobe: 5
5. Autodesk: 4
6. Netapp: 2
7. Git For Windows Project: 2
8. Fortinet: 2
9. Sumatrapdfreader: 2
10. Python: 2

All CWE-426 CVEs (124)

CVE-2025-26155 | CVSS 9.8 | Nov 26, 2025
This CVE describes an Untrusted Search Path vulnerability in NCP VPN clients that allows attackers to execute arbitrary code by placing malicious DLLs...

CVE-2024-53866 | CVSS 9.8 | Dec 10, 2024
This vulnerability in pnpm package manager allows malicious npm packages to bypass security controls and execute arbitrary code during installation. I...

CVE-2024-38462 | CVSS 9.8 | Jun 16, 2024
This vulnerability in iRODS before version 4.3.2 involves the msiSendMail function's insecure dependency on the mail binary, allowing command injectio...

CVE-2023-30330 | CVSS 9.8 | May 12, 2023
SoftExpert Excellence Suite 2.x versions before 2.1.3 contain a Local File Inclusion vulnerability in the defaultframe_filter.php component. This allo...

CVE-2022-24826 | CVSS 9.8 | Apr 20, 2022
This vulnerability allows arbitrary code execution on Windows systems when Git LFS processes malicious repositories. Attackers can trick Git LFS into ...

CVE-2022-26184 | CVSS 9.8 | Mar 21, 2022
CVE-2022-26184 is an untrusted search path vulnerability in Poetry package manager versions 1.1.9 and below on Windows. This allows attackers to execu...

CVE-2025-49457 | CVSS 9.6 | Aug 12, 2025
This vulnerability allows an unauthenticated attacker on the same network to escalate privileges on Windows systems running vulnerable Zoom clients. A...

CVE-2024-58250 | CVSS 9.3 | Apr 22, 2025
The passprompt plugin in pppd (Point-to-Point Protocol daemon) before version 2.5.2 mishandles privileges, potentially allowing local privilege escala...

CVE-2025-31480 | CVSS 9.1 | Apr 4, 2025
This is a privilege escalation vulnerability in the aiven-extras PostgreSQL extension that allows attackers to gain superuser privileges within Postgr...

CVE-2025-23266 | CVSS 9.0 | Jul 17, 2025
CVE-2025-23266 is a container escape vulnerability in NVIDIA Container Toolkit that allows attackers to execute arbitrary code with elevated permissio...

CVE-2026-24070 | CVSS 8.8 | Feb 2, 2026
This vulnerability allows local privilege escalation on macOS systems running Native Access. A low-privileged user can exploit DYLIB injection in the ...

CVE-2024-44103 | CVSS 8.8 | Sep 10, 2024
This vulnerability allows a local authenticated attacker to perform DLL hijacking in Ivanti Workspace Control's management console, enabling privilege...

CVE-2024-6975 | CVSS 8.8 | Jul 31, 2024
This vulnerability allows local attackers to escalate privileges on Windows systems running vulnerable versions of Cato Networks SDP Client. Attackers...

CVE-2024-32019 | CVSS 8.8 | Apr 12, 2024
CVE-2024-32019 is a local privilege escalation vulnerability in Netdata's ndsudo tool that allows attackers to execute arbitrary programs with root pe...

CVE-2024-26198 | CVSS 8.8 | Mar 12, 2024
CVE-2024-26198 is a remote code execution vulnerability in Microsoft Exchange Server that allows attackers to execute arbitrary code on affected syste...

CVE-2022-4883 | CVSS 8.8 | Feb 7, 2023
CVE-2022-4883 is a path injection vulnerability in libXpm where the library calls external compression programs (like gzip) using the PATH environment...

CVE-2017-20123 | CVSS 8.8 | Jun 30, 2022
This vulnerability in Viscosity VPN client allows attackers to execute arbitrary code by exploiting an untrusted search path issue in the DLL handler....

CVE-2021-41387 | CVSS 8.8 | Sep 17, 2021
CVE-2021-41387 is a privilege escalation vulnerability in seatd-launch component of seatd (a seat management daemon for Wayland compositors). It allow...

CVE-2026-23512 | CVSS 8.6 | Jan 14, 2026
SumatraPDF versions 3.5.2 and earlier contain an untrusted search path vulnerability that allows arbitrary code execution. When users trigger the Adva...

CVE-2026-21280 | CVSS 8.6 | Jan 13, 2026
This CVE describes an untrusted search path vulnerability in Adobe Illustrator that could allow arbitrary code execution when a user opens a malicious...

CVE-2023-26358 | CVSS 8.6 | Mar 22, 2023
This CVE describes an Untrusted Search Path vulnerability in Adobe Creative Cloud versions 5.9.1 and earlier. Attackers can manipulate the application...

CVE-2023-23618 | CVSS 8.6 | Feb 14, 2023
CVE-2023-23618 is a path traversal vulnerability in Git for Windows where the gitk tool can inadvertently execute malicious executables from the curre...

CVE-2024-48123 | CVSS 8.4 | Jan 15, 2025
This vulnerability allows attackers to execute arbitrary code on HI-SCAN 6040i Hitrax HX-03-19-I devices by uploading a malicious script via USB autor...

CVE-2024-24810 | CVSS 8.2 | Feb 7, 2024
The WiX toolset vulnerability allows attackers to perform DLL redirection attacks via the .be TEMP folder, enabling privilege escalation. This affects...

CVE-2022-31012 | CVSS 8.2 | Jul 12, 2022
CVE-2022-31012 is a vulnerability in Git for Windows where the installer mistakenly executes a binary from C:\mingw64\bin\git.exe during fresh install...

CVE-2024-8733 | CVSS 8.0 | Oct 2, 2024
This vulnerability in HP One Agent allows local attackers to escalate privileges on affected HP PC systems. Attackers could gain higher-level system a...

CVE-2024-35260 | CVSS 8.0 | Jun 27, 2024
This CVE describes an untrusted search path vulnerability in Microsoft Dataverse that allows authenticated attackers to execute arbitrary code over a ...

CVE-2026-2998 | CVSS 7.8 | Feb 23, 2026
This CVE describes a DLL hijacking vulnerability in eAI Technologies ERP software where authenticated local attackers can place malicious DLL files in...

CVE-2026-25880 | CVSS 7.8 | Feb 9, 2026
SumatraPDF versions 3.5.2 and earlier contain a vulnerability where clicking 'Show in folder' in the File menu executes explorer.exe from the same dir...

CVE-2026-0662 | CVSS 7.8 | Feb 4, 2026
This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious project directories in Autodesk 3ds Max. The at...

CVE-2025-12793 | CVSS 7.8 | Jan 6, 2026
This vulnerability allows a local attacker to execute arbitrary code by tricking AsusSoftwareManagerAgent into loading a malicious DLL from a controll...

CVE-2025-67722 | CVSS 7.8 | Dec 16, 2025
This CVE describes an authenticated local privilege escalation vulnerability in FreePBX's deprecated amportal startup script. Attackers who are member...

CVE-2025-64785 | CVSS 7.8 | Dec 9, 2025
This CVE describes an untrusted search path vulnerability in Adobe Acrobat Reader that allows attackers to execute arbitrary code without user interac...

CVE-2025-60718 | CVSS 7.8 | Nov 11, 2025
This vulnerability in Windows Administrator Protection allows an authenticated attacker to exploit an untrusted search path to elevate privileges loca...

CVE-2025-5039 | CVSS 7.8 | Jul 24, 2025
This vulnerability allows arbitrary code execution when Autodesk applications load malicious binary files from untrusted locations. Attackers can expl...

CVE-2024-12168 | CVSS 7.8 | Jun 2, 2025
Yandex Telemost for Desktop versions before 2.7.0 are vulnerable to DLL hijacking due to an untrusted search path. Attackers can place malicious DLLs ...

CVE-2025-2501 | CVSS 7.8 | May 30, 2025
An untrusted search path vulnerability in Lenovo PC Manager allows local attackers to execute arbitrary code with elevated privileges by placing malic...

CVE-2025-4802 | CVSS 7.8 | May 16, 2025
This vulnerability in GNU C Library (glibc) versions 2.27 to 2.38 allows attackers to load malicious shared libraries via the LD_LIBRARY_PATH environm...

CVE-2025-27743 | CVSS 7.8 | Apr 8, 2025
CVE-2025-27743 is an untrusted search path vulnerability in Microsoft System Center that allows an authorized attacker to execute arbitrary code with ...

CVE-2025-24789 | CVSS 7.8 | Jan 29, 2025
This vulnerability allows attackers with write access to a directory in the Windows %PATH% environment variable to escalate privileges when the Snowfl...

CVE-2025-0707 | CVSS 7.8 | Jan 24, 2025
CVE-2025-0707 is a critical untrusted search path vulnerability in Rise Group Rise Mode Temp CPU 2.1 that allows local attackers to execute arbitrary ...

CVE-2025-21365 | CVSS 7.8 | Jan 14, 2025
CVE-2025-21365 is a remote code execution vulnerability in Microsoft Office that allows attackers to execute arbitrary code on a victim's system by tr...

CVE-2024-11454 | CVSS 7.8 | Dec 9, 2024
This DLL hijacking vulnerability in Autodesk Revit allows attackers to execute arbitrary code by placing a malicious DLL in the same directory as an R...

CVE-2024-49515 | CVSS 7.8 | Nov 12, 2024
CVE-2024-49515 is an untrusted search path vulnerability in Substance3D Painter that could allow attackers to execute arbitrary code by manipulating t...

CVE-2024-7995 | CVSS 7.8 | Nov 5, 2024
This vulnerability in VRED Design allows privilege escalation to SYSTEM level when a malicious binary file is downloaded and executed. Attackers can e...

CVE-2024-43576 | CVSS 7.8 | Oct 8, 2024
This vulnerability in Microsoft Office allows attackers to execute arbitrary code on a victim's system by tricking them into opening a specially craft...

CVE-2024-9325 | CVSS 7.8 | Sep 29, 2024
This critical vulnerability in Intelbras InControl allows local attackers to execute arbitrary code through an unquoted search path in the watchdog se...

CVE-2024-6080 | CVSS 7.8 | Jun 17, 2024
This critical vulnerability in Intelbras InControl allows local attackers to execute arbitrary code through an unquoted search path in the incontrolWe...

CVE-2024-30100 | CVSS 7.8 | Jun 11, 2024
This vulnerability in Microsoft SharePoint Server allows authenticated attackers to execute arbitrary code remotely by uploading specially crafted fil...

CVE-2024-28133 | CVSS 7.8 | May 14, 2024
This vulnerability allows a local low-privileged attacker to exploit an untrusted search path in a CHARX system utility to escalate privileges to root...

About CWE-426

Our database tracks 124 CVEs classified as CWE-426, with 10 rated critical and 103 rated high severity. The average CVSS score for CWE-426 vulnerabilities is 7.6.

External reference: View CWE-426 on MITRE CWE →
