CVE-2026-3091 Synology — Exploit & Vulnerability Details MEDIUM

CVE-2026-3091

MEDIUM CVSS 3.1: 6.7 EPSS 0.01%

Parameter	Value
CVSS	6.7 (MEDIUM)
Affected Versions	before 2.1.3
Type	CWE-427 (Uncontrolled Search Path Element)
Vendor	Synology
Public PoC	No

An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in advance in the same directory as the installer.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

High

Difficult to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-427 Uncontrolled Search Path Element

References 1

https://www.synology.com/en-global/security/advisory/Synology_SA_26_02

security@synology.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-31998

Synology

8.3

CVE-2024-47266

Synology

2.7

CVE-2024-47265

Synology

6.5

Menu

CVE-2026-3091

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-31998

CVE-2024-47266

CVE-2024-47265

CVE Details

Editor's Choice

Menu

CVE-2026-3091

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-31998

CVE-2024-47266

CVE-2024-47265

CVE Details

Editor's Choice

Stay informed on cybersecurity