Description
MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An attacker who places a malicious DLL or shared library in the working directory or manipulates LD_LIBRARY_PATH can achieve arbitrary code execution when MemProcFS loads.
Published: 2026-04-08
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

MemProcFS versions earlier than 5.17 load libraries without full path qualification, allowing attackers to hijack DLL and shared library loads. By placing a malicious file with the expected name in the working directory or by manipulating LD_LIBRARY_PATH, an attacker can cause MemProcFS to load that file instead of the legitimate library. This results in arbitrary code execution within the MemProcFS process, granting the attacker full control over the application and potentially the host system. The weakness is identified as CWE‑427, reflecting insecure handling of executable paths.

Affected Systems

The vulnerability affects the ufrisk MemProcFS product installed on any operating system using versions prior to 5.17. Users who run older releases and provide untrusted working directories or environment variables are susceptible.

Risk and Exploitability

With a CVSS score of 8.5, this flaw is classified as high severity. Although no exploit probability score is available and the vulnerability is not listed in CISA’s KEV catalog, the attack can be performed locally by anyone who can write to the MemProcFS working directory or influence environment variables such as LD_LIBRARY_PATH. If MemProcFS runs with elevated privileges, an attacker can gain system-level access through this vector.

Generated by OpenCVE AI on April 8, 2026 at 22:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade MemProcFS to version 5.17 or later to eliminate unsafe library loading paths.
  • If an upgrade cannot be applied immediately, ensure that MemProcFS is launched from a secure, non‑writable working directory that cannot be modified by untrusted users.
  • Unset or restrict LD_LIBRARY_PATH before starting MemProcFS so it cannot locate malicious libraries in user‑controlled locations.
  • Audit the system for unauthorized DLL or shared library loads and apply additional monitoring or access controls as needed.
  • Regularly check the vendor’s website and security advisories for updates or patches relating to this issue.

Generated by OpenCVE AI on April 8, 2026 at 22:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ufrisk:memprocfs:*:*:*:*:*:*:*:*

Thu, 09 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Ufrisk
Ufrisk memprocfs
Vendors & Products Ufrisk
Ufrisk memprocfs

Wed, 08 Apr 2026 21:45:00 +0000

Type Values Removed Values Added
Description MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An attacker who places a malicious DLL or shared library in the working directory or manipulates LD_LIBRARY_PATH can achieve arbitrary code execution when MemProcFS loads.
Title MemProcFS < 5.17 DLL/Shared Library Hijacking
Weaknesses CWE-427
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Ufrisk Memprocfs
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-09T16:16:34.107Z

Reserved: 2026-04-08T13:36:52.082Z

Link: CVE-2026-40031

cve-icon Vulnrichment

Updated: 2026-04-09T14:49:56.291Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-08T22:16:23.650

Modified: 2026-04-17T16:15:37.513

Link: CVE-2026-40031

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:25:51Z

Weaknesses