High severity7.8NVD Advisory· Published Oct 8, 2020· Updated Jun 17, 2026
CVE-2020-26894
CVE-2020-26894
Description
LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell()" function, it will attempt to search for "cmd.exe" in the folder of the current application and run the malicious "cmd.exe".
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- LiveCode/LiveCodedescription
Patches
Vulnerability mechanics
References
3- john-woodman.com/posts/LiveCode-Privilege-Escalation-Vulnerability/nvdExploitThird Party Advisory
- github.com/livecode/livecode/pull/7454nvdVendor Advisory
- quality.livecode.com/show_bug.cginvdThird Party Advisory
News mentions
0No linked articles in our index yet.