High severity7.8NVD Advisory· Published Apr 7, 2021· Updated Jul 5, 2026
CVE-2021-28927
CVE-2021-28927
Description
The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- libretro/RetroArchdescription
Patches
Vulnerability mechanics
References
4- github.com/libretro/RetroArch/blob/d3dc3ee989ec6a4903c689907ffc47027f71f776/frontend/drivers/platform_win32.cnvdPatchThird Party Advisory
- libretro.comnvdExploitVendor Advisory
- labs.bishopfox.com/advisories/retroarch-for-windows-version-1.9.0nvdExploitThird Party Advisory
- retroarch.comnvdProductVendor Advisory
News mentions
0No linked articles in our index yet.