PatchSiren cyber security CVE debrief
CVE-2026-8148 Navercorp CVE debrief
CVE-2026-8148 is a high-severity local privilege escalation issue in NAVER MYBOX Explorer for Windows before 3.0.11.160. According to the vendor advisory and NVD record, an attacker with local access can abuse registry manipulation and improper privilege checks to reach NT AUTHORITY\SYSTEM.
- Vendor
- Navercorp
- Product
- CVE-2026-8148
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-08
- Original CVE updated
- 2026-05-11
- Advisory published
- 2026-05-08
- Advisory updated
- 2026-05-11
Who should care
Organizations running NAVER MYBOX Explorer for Windows, especially endpoints that allow untrusted local users, developer workstations, shared systems, or any Windows host where the application is installed below version 3.0.11.160. Endpoint security teams and administrators should prioritize this if local privilege escalation would meaningfully increase impact on the machine.
Technical summary
The official NVD record lists the vulnerable CPE as navercorp:mybox for Windows with an affected version range ending before 3.0.11.160. The vulnerability is described as a local privilege escalation to SYSTEM caused by improper privilege checks, with registry manipulation as the attack path. NVD assigns CVSS v3.1 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), which is consistent with a low-complexity local attack that can fully compromise the affected host once the attacker has limited local privileges.
Defensive priority
High. This is a local attack, but the impact is full SYSTEM-level compromise on affected installations, so remediation should be treated as urgent on endpoints where MYBOX Explorer is present.
Recommended defensive actions
- Upgrade NAVER MYBOX Explorer for Windows to version 3.0.11.160 or later.
- Inventory endpoints to find installations of MYBOX Explorer prior to 3.0.11.160.
- Prioritize patching systems where multiple users have local logon access or where local privilege escalation would materially expand risk.
- Review whether the application is needed on sensitive systems and remove it where unnecessary.
- Monitor affected hosts for unexpected registry changes and abnormal privilege escalation activity around the application context.
Evidence notes
This debrief is based only on the provided official sources: the NVD record for CVE-2026-8148, the CVE.org record, and the vendor advisory link referenced by NVD. The CVE was published on 2026-05-08 and last modified on 2026-05-11. The supplied source data states the issue affects NAVER MYBOX Explorer for Windows before 3.0.11.160 and describes the weakness as CWE-266 / improper privilege checks leading to SYSTEM escalation via registry manipulation.
Official resources
-
CVE-2026-8148 CVE record
CVE.org
-
CVE-2026-8148 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
Publicly disclosed on 2026-05-08 via the official CVE/NVD ecosystem, with a vendor advisory reference from Navercorp. NVD marked the record analyzed and later updated it on 2026-05-11.