Description
An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in advance in the same directory as the installer.
Published: 2026-02-24
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local File Access
Action: Upgrade
AI Analysis

Impact

This vulnerability involves an uncontrolled search path element in Synology Presto Client before version 2.1.3-0672. During installation, if a user places a malicious DLL file in the same folder as the installer, the client may load that DLL, allowing the local user to read or modify arbitrary files on the system. This flaw is described by CWE-427, which can enable arbitrary code execution if the DLL runs with elevated privileges.

Affected Systems

Synology Presto Client applications older than version 2.1.3-0672, including all builds released prior to that version, are vulnerable.

Risk and Exploitability

The CVSS score is 6.7 (medium), and the EPSS score is less than 1%, indicating a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires local access; the attacker must be able to execute the installer and place a DLL in its directory. Given the local requirement and low EPSS, the overall risk is moderate but warrants mitigation.

Generated by OpenCVE AI on April 17, 2026 at 15:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Synology Presto Client version 2.1.3-0672 or later, which removes the vulnerable search path handling.
  • Ensure the installation directory does not contain any DLL files before running the installer; delete any unexpected DLLs.
  • Apply file system permissions that restrict write access to the installer directory, preventing untrusted users from dropping DLLs.
  • Monitor installation activity for unexpected DLL execution, and respond to any alerts by logging and investigating the source.

Generated by OpenCVE AI on April 17, 2026 at 15:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Title Uncontrolled Search Path Element Allows Local Users to Read/Write Arbitrary Files During Installation

Wed, 04 Mar 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Synology presto Client
CPEs cpe:2.3:a:synology:presto_client:*:*:*:*:*:*:*:*
Vendors & Products Synology presto Client

Tue, 24 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 24 Feb 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Synology
Synology synology Presto Client
Vendors & Products Synology
Synology synology Presto Client

Tue, 24 Feb 2026 03:00:00 +0000

Type Values Removed Values Added
Description An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in advance in the same directory as the installer.
Weaknesses CWE-427
References
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Synology Presto Client Synology Presto Client
cve-icon MITRE

Status: PUBLISHED

Assigner: synology

Published:

Updated: 2026-02-24T20:48:54.091Z

Reserved: 2026-02-24T01:34:19.753Z

Link: CVE-2026-3091

cve-icon Vulnrichment

Updated: 2026-02-24T20:48:47.569Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-24T03:16:03.890

Modified: 2026-03-04T02:21:20.830

Link: CVE-2026-3091

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T16:00:11Z

Weaknesses