CVE-2026-0776 - Vulnerability Details

- Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Description

Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the discord_rpc module. The product loads a file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-27057.

Published: 2026-01-23

Score: 7.3 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw resides in the discord_rpc module of the Discord Client, where the application loads a file from an unsecured location. This uncontrolled search path element allows a locally present attacker who can already run code with low privileges to execute arbitrary code as the user of the application. The vulnerability directly increases the privileges of a local threat actor, potentially giving them full control over the target system.

Affected Systems

Affecting all installations of the Discord Client. No specific version range is provided, so the risk applies to every released build until patched. Users of any Discord desktop edition should be aware that the discord_rpc module is the attack vector.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.3, indicating moderate‑to‑high severity, and an EPSS score of less than 1 %, suggesting a low likelihood of widespread exploitation at the present. It is not listed in the CISA KEV catalog. Exploitation requires a local attacker with the ability to execute low‑privileged code; no remote trigger is necessary or described. Once the attacker achieves code execution, privilege escalation can be performed in the context of the victim user, bypassing standard access controls.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Discord

Client

unknown

Version	Status	Constraints
`1.0.9196`	affected	—

No data.

Vendor	Product	Confidence	Versions
Discord	Discord	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Discord Client update that removes the insecure search path from the discord_rpc module
Reconfigure the system to prevent the application from using system environment variables that specify search paths, or remove any directories that the module might access without restriction
Ensure that the directory containing the discord_rpc binaries and data files is owned by the system user and has minimal write permissions so that only the application can read the files without exposing them to local users

Generated by OpenCVE AI on April 18, 2026 at 03:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00011.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.zerodayinitiative.com/advisories/ZDI-26-040/

History

Fri, 23 Jan 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 23 Jan 2026 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Discord Discord discord
Vendors & Products		Discord Discord discord

Fri, 23 Jan 2026 04:00:00 +0000

Type	Values Removed	Values Added
Description		Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the discord_rpc module. The product loads a file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-27057.
Title		Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Weaknesses		CWE-427
References		https://www.zerodayinitiative.com/advisories/ZDI-26-040/
Metrics		cvssV3_0 `{'score': 7.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}`

Subscriptions

Discord Discord

MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2026-01-23T03:29:18.996Z

Updated: 2026-02-26T14:44:25.231Z

Reserved: 2026-01-08T22:50:50.092Z

Link: CVE-2026-0776

Vulnrichment

Updated: 2026-01-23T19:15:49.089Z

NVD

Status : Deferred

Published: 2026-01-23T04:16:04.933

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-0776

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T03:15:35Z

Weaknesses

CWE-427

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object