VYPR
High severity7.8NVD Advisory· Published May 26, 2026· Updated May 28, 2026

CVE-2026-44469

CVE-2026-44469

Description

The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.