CWE-427
Uncontrolled Search Path Element
BaseDraft
Description
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-38 · CAPEC-471
CVEs mapped to this weakness (303)
page 4 of 16| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-22561 | Hig | 0.51 | 7.8 | 0.00 | Mar 31, 2026 | Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation, enabling arbitrary code execution if a malicious DLL is planted alongside the installer. | |
| CVE-2026-34054 | Hig | 0.51 | 7.8 | 0.00 | Mar 31, 2026 | vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3, vcpkg's Windows builds of OpenSSL set openssldir to a path on the build machine, making that path be attackable later on customer machines. This issue has been patched in version 3.6.1#3. | |
| CVE-2026-25191 | Hig | 0.51 | 7.8 | 0.00 | Feb 26, 2026 | The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privilege. | |
| CVE-2026-26050 | Hig | 0.51 | 7.8 | 0.00 | Feb 20, 2026 | The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges. | |
| CVE-2026-25676 | Hig | 0.51 | 7.8 | 0.00 | Feb 12, 2026 | The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrator privileges. | |
| CVE-2025-48503 | Hig | 0.51 | 7.8 | 0.00 | Feb 11, 2026 | A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | |
| CVE-2026-25656 | Hig | 0.51 | 7.8 | 0.00 | Feb 10, 2026 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges.(ZDI-CAN-28108) | |
| CVE-2026-24694 | Hig | 0.51 | 7.8 | 0.00 | Feb 3, 2026 | The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the application. | |
| CVE-2026-24016 | Hig | 0.51 | 7.8 | 0.00 | Jan 21, 2026 | The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed. | |
| CVE-2026-21427 | Hig | 0.51 | 7.8 | 0.00 | Jan 8, 2026 | The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer. | |
| CVE-2025-14498 | Hig | 0.51 | 7.8 | 0.00 | Dec 23, 2025 | TradingView Desktop Electron Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TradingView Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the Electron framework. The product loads a script file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-27395. | |
| CVE-2025-13152 | Hig | 0.51 | 7.8 | 0.00 | Dec 10, 2025 | A potential DLL hijacking vulnerability was reported in Lenovo One Client during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges. | |
| CVE-2025-12046 | Hig | 0.51 | 7.8 | 0.00 | Dec 10, 2025 | A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions. | |
| CVE-2025-64772 | Hig | 0.51 | 7.8 | 0.00 | Dec 1, 2025 | The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer. | |
| CVE-2025-40827 | Hig | 0.51 | 7.8 | 0.00 | Nov 11, 2025 | A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All versions < V225.0 Update 10). The affected application is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system. | |
| CVE-2025-40763 | Hig | 0.51 | 7.8 | 0.00 | Nov 11, 2025 | A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly validate environment variables when loading shared libraries, allowing path hijacking through malicious library substitution. This could allow a local attacker to execute arbitrary code with superuser privileges by manipulating the environment variable and placing a malicious library in the controlled path. | |
| CVE-2025-60749 | Hig | 0.51 | 7.8 | 0.00 | Oct 31, 2025 | DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef.dll used by sketchup_webhelper.exe. | |
| CVE-2025-62776 | Hig | 0.51 | 7.8 | 0.00 | Oct 29, 2025 | The installer of WTW EAGLE (for Windows) 3.0.8.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application. | |
| CVE-2025-26861 | Hig | 0.51 | 7.8 | 0.00 | Oct 15, 2025 | RemoteCall Remote Support Program (for Operator) versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution. | |
| CVE-2025-26860 | Hig | 0.51 | 7.8 | 0.00 | Oct 15, 2025 | RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution. |