HIGH
Nullsoft
CVE published 2026-04-24
CVE-2026-42171
NSIS (Nullsoft Scriptable Install System) versions 3.06.1 through 3.11 contain a local privilege escalation vulnerability. When NSIS installers execute with SYSTEM privileges, they may incorrectly use the Low Integrity Level (IL) temporary directory for file operations. An attacker with local access who can cause the `my_GetTempFileName` function to return 0 can exploit this behavior to achieve privilege [truncated]