CVE Catalog

CVE-2026-11958

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

The vulnerability allows local privilege escalation by loading malicious DLLs from a shared temporary directory in DFIR-ORC versions 10.2.7 and prior. An attacker with access to the system can place a malicious DLL in C:\Windows\Temp, enabling automatic loading when the application is executed with administrative privileges.

Risk Assessment

The organization is at risk of an attacker gaining control over the system, potentially leading to data loss or unauthorized access to resources. The escalation of privileges to administrator level poses a serious security threat.

Recommendation

It is recommended to update DFIR-ORC to the latest version to mitigate this vulnerability. Additionally, access to the C:\Windows\Temp directory should be restricted, and its contents monitored for potential threats.

Original NVD description (English source)

Local privilege escalation by loading DLLs from a shared temporary directory in ANSSI’s DFIR-ORC, versions 10.2.7 and prior. An attacker with prior access to the system, can place a malicious DLL in C:\Windows\Temp and wait for the application to be executed. Because DFIR-ORC is extracted and executed from that location with administrative privileges, the malicious library can be loaded automatically, allowing the attacker to gain administrator privileges on the affected machine.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS