Description
Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors.
Published: 2026-05-27
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an uncontrolled search path element in the OpenSSL DLL component used by Synology BeeDrive for desktop, allowing local users to execute arbitrary code via unspecified vectors. This flaw, classified as CWE‑427, can lead to complete compromise of the affected machine, as any locally privileged user could inject malicious DLLs into the PATH that the application subsequently loads. The primary impact is arbitrary local code execution, potentially granting an attacker administrative privileges if the vulnerable user account has elevated rights.

Affected Systems

BeeDrive for desktop versions prior to 1.3.2‑13814 are affected. The issue exists in every build that includes the vulnerable OpenSSL DLL prior to that version. Users running Editions of BeeDrive with the default installation path are at risk until the vendor releases a fix or until the component is replaced.

Risk and Exploitability

With a CVSS score of 7.8 the flaw is considered high severity, but the EPSS score is not available, and it is not listed in the CISA KEV catalog. Exploitation is constrained to local users, and the vulnerability requires a local user to trigger an unspecified vector to load a malicious DLL. The lack of network or remote vectors limits widespread exploitation, yet the impact remains critical for systems where local users have elevated privileges.

Generated by OpenCVE AI on May 27, 2026 at 10:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch or upgrade to BeeDrive for desktop 1.3.2‑13814 or later.
  • If upgrading is not feasible, replace or relocate the vulnerable OpenSSL DLL and configure the application to reference the corrected file, preventing the search path from resolving to an attacker‑controlled location.
  • Configure local user permissions and audit the OpenSSL DLL directory for unauthorized files, mitigating the risk of local execution until a fix is applied.

Generated by OpenCVE AI on May 27, 2026 at 10:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 27 May 2026 10:45:00 +0000

Type Values Removed Values Added
Title Uncontrolled Search Path Element in OpenSSL DLL Enables Arbitrary Local Code Execution on Synology BeeDrive Desktop
First Time appeared Synology
Synology beedrive For Desktop
Vendors & Products Synology
Synology beedrive For Desktop

Wed, 27 May 2026 09:00:00 +0000

Type Values Removed Values Added
Description Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors.
Weaknesses CWE-427
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Synology Beedrive For Desktop
cve-icon MITRE

Status: PUBLISHED

Assigner: synology

Published:

Updated: 2026-05-27T13:41:23.669Z

Reserved: 2024-09-24T08:35:52.121Z

Link: CVE-2023-52945

cve-icon Vulnrichment

Updated: 2026-05-27T13:41:20.822Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T09:16:24.777

Modified: 2026-05-27T14:54:20.160

Link: CVE-2023-52945

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T10:30:28Z

Weaknesses