anonhaven
Ad

CVE-2026-41030

MEDIUM CVSS 3.1: 6.2
Updated Apr 17, 2026
In
Parameter Value
CVSS 6.2 (MEDIUM)
Affected Versions before 9.3.0
Type CWE-669 (Incorrect Resource Transfer Between Spheres)
Vendor In
Public PoC No

In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-669 Incorrect Resource Transfer Between Spheres

References 1

https://github.com/ONLYOFFICE/DesktopEditors/blob/master/CHANGELOG.md
cve@mitre.org
Share Post Share Share Share