CVE-2026-11958

Source
https://cve.org/CVERecord?id=CVE-2026-11958
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-11958.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-11958
Published
2026-06-18T11:01:16.727Z
Modified
2026-07-08T08:06:54.279806758Z
Severity
  • 7.3 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator
Summary
Local privilege escalation in ANSSI’s DFIR-ORC
Details

Local privilege escalation by loading DLLs from a shared temporary directory in ANSSI’s DFIR-ORC, versions 10.2.7 and prior. An attacker with prior access to the system, can place a malicious DLL in C:\Windows\Temp and wait for the application to be executed. Because DFIR-ORC is extracted and executed from that location with administrative privileges, the malicious library can be loaded automatically, allowing the attacker to gain administrator privileges on the affected machine.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/11xxx/CVE-2026-11958.json",
    "cwe_ids": [
        "CWE-427"
    ],
    "cna_assigner": "INCIBE"
}
References

Affected packages

Git / github.com/dfir-orc/dfir-orc

Affected ranges

Type
GIT
Repo
https://github.com/dfir-orc/dfir-orc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.2.7"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

v10.*
v10.0.0
v10.0.1
v10.0.10
v10.0.11
v10.0.12
v10.0.13
v10.0.14
v10.0.15
v10.0.16
v10.0.2
v10.0.3
v10.0.4
v10.0.5
v10.0.6
v10.0.7
v10.0.8
v10.0.9
v10.1.0
v10.1.0-rc1
v10.1.0-rc10
v10.1.0-rc2
v10.1.0-rc3
v10.1.0-rc4
v10.1.0-rc5
v10.1.0-rc6
v10.1.0-rc7
v10.1.0-rc8
v10.1.0-rc9
v10.1.1
v10.1.2
v10.1.3
v10.1.4
v10.1.5
v10.1.6
v10.1.7
v10.2.0
v10.2.1
v10.2.2
v10.2.3
v10.2.4
v10.2.5
v10.2.6
v10.2.7
v10.2.8

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-11958.json"