Description
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the NoMachine Device Server. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-28494.
Published: 2026-04-11
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

This vulnerability stems from the NoMachine Device Server loading a shared library from an unsecured location that the product does not control. If a local attacker can place a malicious library in that location, the Device Server loads and runs it with its own elevated privileges, allowing the attacker to execute arbitrary code as the SYSTEM account. Consequently, an attacker can gain full control over the affected system, compromising confidentiality, integrity, and availability. The weakness is an uncontrolled search path element, CWE-427.

Affected Systems

The affected product is NoMachine, specifically the Device Server component. No version information is provided in the advisory, so the scope includes all installations that rely on the Device Server's library loading behavior.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity for local privilege escalation. Exploitation requires an attacker to have some level of code execution at a lower privilege first; from there the flaw permits escalation to SYSTEM. EPSS data is unavailable, so we cannot quantify the current risk of exploitation, but the lack of an official patch or workaround and the severity score suggest that administrators should treat it as a high risk. The vulnerability is not listed in CISA’s KEV catalog, but the potential for full system takeover makes it a priority target for mitigation.

Generated by OpenCVE AI on April 11, 2026 at 02:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest NoMachine patch or update to a version that fixes the library loading issue.
  • If no patch is immediately available, ensure that the library path used by NoMachine is owned by a privileged account and has restrictive permissions to prevent untrusted users from placing malicious libraries there.
  • Restrict local user shell access and monitor for suspicious library files in the NoMachine directories.
  • Check NoMachine’s vendor website or support channels for any interim advisories or configuration changes.
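The second and third recommendations above amount to one check: no directory that a SYSTEM-level service may load libraries from should be writable by low-privileged users. The PowerShell below is an added example, not OpenCVE's or NoMachine's code; it audits the ACLs of the NoMachine install tree (the path is an assumption, since the advisory names no location) and, going beyond the advisory, every directory on the machine-wide PATH, which is part of the default library search order.

```powershell
# Added example (not OpenCVE's or NoMachine's code): flag directories that grant
# write-class rights to low-privileged principals. Such a directory on a SYSTEM
# service's library search path is the CWE-427 condition the advisory describes.
# The install path is an ASSUMPTION; set it to the actual location on the host.
$NoMachineDir = 'C:\Program Files (x86)\NoMachine'

# Principals every local user is effectively a member of.
$LowPrivPrincipals = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
                       'Everyone', 'NT AUTHORITY\INTERACTIVE')

# Rights that let a caller create, replace or delete files, or rewrite the ACL itself.
$R = [System.Security.AccessControl.FileSystemRights]
$WriteClass = $R::CreateFiles -bor $R::CreateDirectories -bor $R::Delete -bor
              $R::ChangePermissions -bor $R::TakeOwnership

function Test-WritableByLowPriv {
    param([string]$Path)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $WriteClass) -eq 0) { continue }
        [PSCustomObject]@{
            Path      = $Path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Directories to check: the machine-wide PATH (what services inherit, not the
# current user's PATH) plus the assumed install tree and everything beneath it.
$dirs = @([Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' | Where-Object { $_ })
if (Test-Path -LiteralPath $NoMachineDir -PathType Container) {
    $dirs += @($NoMachineDir) + (Get-ChildItem -LiteralPath $NoMachineDir -Directory -Recurse).FullName
} else {
    Write-Warning "Assumed install directory '$NoMachineDir' not found; adjust `$NoMachineDir."
}

$findings = foreach ($d in ($dirs | Sort-Object -Unique)) {
    if (Test-Path -LiteralPath $d -PathType Container) { Test-WritableByLowPriv -Path $d }
}

if (-not $findings) { "No write-class rights for low-privileged principals found." }
else { $findings | Format-Table -AutoSize }
```

Any row in the output is a directory where an unprivileged account could drop a library; tighten its ACL (owner and write rights limited to Administrators and SYSTEM) or remove it from PATH. An "Inherited" value of True means the grant comes from a parent directory, so fix it there.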

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 18:45:00 +0000

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:a:nomachine:nomachine:*:*:*:*:*:*:*:*

Mon, 13 Apr 2026 17:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 13:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Nomachine; Nomachine nomachine

Type: Vendors & Products
Values Removed: (none)
Values Added: Nomachine; Nomachine nomachine

Sat, 11 Apr 2026 01:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the NoMachine Device Server. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-28494.

Type: Title
Values Removed: (none)
Values Added: NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-427

Type: References
Values Removed: (none)
Values Added: (none listed)

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_0 {'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-04-14T03:55:48.016Z

Reserved: 2026-03-27T18:06:08.827Z

Link: CVE-2026-5055

Vulnrichment

Updated: 2026-04-13T16:15:42.869Z

NVD

Status: Analyzed

Published: 2026-04-11T01:16:18.017

Modified: 2026-04-15T18:41:22.170

Link: CVE-2026-5055

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:57:05Z

Weaknesses