Description
An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files and conduct denial-of-service during installation by placing a malicious DLL in advance in the same directory as the installer.
Published: 2026-02-24
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is an uncontrolled search path element (CWE-427) in Synology Presto Client before version 2.1.3-0672. When the installer loads a DLL by bare name, Windows resolves it from the installer's own directory before the system directories, so a local user who has placed a DLL with the expected name next to the installer in advance gets that DLL loaded, and its code runs with the privileges of the installer process rather than those of the user who planted the file. The CVE description states that this allows the local user to read or write arbitrary files and to cause denial of service during installation. CWE-427 is a search-order (DLL hijacking) weakness, not path traversal: the installer looks in the wrong place for a legitimate name, rather than accepting a user-supplied path.

Affected Systems

Synology Presto Client versions before 2.1.3-0672 are affected. The CPE recorded on this page (cpe:2.3:a:synology:presto_client:*:*:*:*:*:*:*:*) carries no lower bound, so every earlier build is treated as vulnerable.

Risk and Exploitability

The CVSS 3.1 vector is AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H, scored 6.7 (medium). Local access, high attack complexity, low privileges and user interaction are all required: the attacker needs write access to the directory the installer will be launched from, and a user must then actually run the installer from there. Once that happens the impact is full confidentiality, integrity and availability loss in the installer's context. EPSS is below 1% and the CVE is not in the CISA KEV catalog; the SSVC record on this page says Exploitation: none, Automatable: no, Technical Impact: total. In practice the exposure is on shared or multi-user Windows machines where an untrusted local account can write to the folder the installer is run from (a shared Downloads or temp folder, or a network share), so the risk is moderate but still worth mitigating.

Generated by OpenCVE AI on June 2, 2026 at 11:52 UTC.

Remediation

No vendor advisory or workaround is linked on this page. The CVE description itself names 2.1.3-0672 as the first unaffected version, so updating to that release or later is the fix.

OpenCVE Recommended Actions

  • Install Synology Presto Client version 2.1.3-0672 or later, the first version the CVE description lists as unaffected.
  • Run the installer from a freshly created, empty directory that only you (and administrators) can write to, never from a shared Downloads, temp or network folder; confirm there are no DLL files beside the installer before launching it, and delete any that are present.
  • Apply file system permissions that restrict write access to the installer directory so that untrusted local users cannot drop DLLs into it ahead of time.
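The following script carries out the staging and permission steps above in one run. It is an added example, not code from Synology or OpenCVE, and it assumes Windows PowerShell 5.1 or later; the default installer path, the staging directory name and the set of principals granted write access are assumptions chosen for illustration.

```powershell
# Added example (not Synology's or OpenCVE's code): stage the Presto Client
# installer in a fresh, tightly-permissioned directory so that a DLL planted
# in advance cannot sit next to it when it starts resolving DLLs by name.
# The installer filename below is hypothetical; point it at the real download.
param(
    [string]$Installer = "$env:USERPROFILE\Downloads\SynologyPrestoClient-2.1.3-0672.exe"
)

$ErrorActionPreference = 'Stop'

# 1. Fresh, unique staging directory under the user's own profile
#    (not C:\Users\Public, %TEMP%, or a share other accounts can write to).
$stage = Join-Path $env:LOCALAPPDATA ("presto-install-" + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $stage | Out-Null

# 2. Replace the inherited ACL with an explicit one: only the current user,
#    local Administrators and SYSTEM may write here. No other local account can
#    drop a DLL into the directory before the installer runs.
$acl = Get-Acl -Path $stage
$acl.SetAccessRuleProtection($true, $false)   # stop inheriting and discard inherited ACEs
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
foreach ($principal in @($me, 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $principal, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $stage -AclObject $acl

# 3. Copy the installer in and refuse to run it unless its Authenticode
#    signature is valid (a tampered or wrong installer fails here).
$staged = Join-Path $stage (Split-Path -Leaf $Installer)
Copy-Item -Path $Installer -Destination $staged
$sig = Get-AuthenticodeSignature -FilePath $staged
if ($sig.Status -ne 'Valid') {
    throw "Installer signature status is '$($sig.Status)'; refusing to run it."
}

# 4. The check the CVE is about: nothing but the installer may be present in
#    the directory the installer will search first for its DLLs.
$stray = Get-ChildItem -Path $stage -Recurse -File | Where-Object { $_.FullName -ne $staged }
if ($stray) {
    $stray | ForEach-Object { Write-Warning "Unexpected file in staging directory: $($_.FullName)" }
    throw "Staging directory is not clean; aborting."
}

# 5. Launch the installer with the clean staging directory as its working
#    directory, wait for it to exit, then remove the staging area.
Start-Process -FilePath $staged -WorkingDirectory $stage -Wait
Remove-Item -Path $stage -Recurse -Force
```

This addresses only the search-path element the CVE names, the directory the installer is launched from. It does not change where Windows looks after that (system directories, the current directory, PATH), and it still relies on an installing user who follows the procedure, which is why upgrading to 2.1.3-0672 or later remains the real fix.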



Advisories

No advisories yet.

History

Tue, 02 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Title Uncontrolled Search Path Element Allows Local Users to Read/Write Arbitrary Files During Installation

Tue, 02 Jun 2026 10:00:00 +0000

Type: Description
Values Removed: An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in advance in the same directory as the installer.
Values Added: An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files and conduct denial-of-service during installation by placing a malicious DLL in advance in the same directory as the installer.

Fri, 17 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Title Uncontrolled Search Path Element Allows Local Users to Read/Write Arbitrary Files During Installation

Wed, 04 Mar 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Synology presto Client
CPEs cpe:2.3:a:synology:presto_client:*:*:*:*:*:*:*:*
Vendors & Products Synology presto Client

Tue, 24 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 24 Feb 2026 10:00:00 +0000

Type: First Time appeared
Values Added: Synology; Synology Presto Client

Type: Vendors & Products
Values Added: Synology; Synology Presto Client

Tue, 24 Feb 2026 03:00:00 +0000

Type: Description
Values Added: An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in advance in the same directory as the installer.

Type: Weaknesses
Values Added: CWE-427

Type: References
Values Added: (none shown on this page)

Type: Metrics
Values Added: cvssV3_1 {'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: synology

Published:

Updated: 2026-06-02T08:32:30.493Z

Reserved: 2026-02-24T01:34:19.753Z

Link: CVE-2026-3091

Vulnrichment

Updated: 2026-02-24T20:48:47.569Z

NVD

Status : Analyzed

Published: 2026-02-24T03:16:03.890

Modified: 2026-06-17T10:43:02.053

Link: CVE-2026-3091

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T12:00:06Z

Weaknesses
  • CWE-427

    Uncontrolled Search Path Element