VYPR
High severity7.8NVD Advisory· Published Aug 17, 2022· Updated Jun 17, 2026

CVE-2022-31262

CVE-2022-31262

Description

An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Gog.com/GOG Galaxycpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = 2.0.46

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.