Description
NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks.
Published: 2026-05-08
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NAVER MYBOX Explorer for Windows versions prior to 3.0.11.160 contain a flaw that enables a local attacker to elevate privileges to NT AUTHORITY\\SYSTEM by manipulating the registry. The vulnerability arises from improper privilege checks that allow changes to registry keys controlling application behavior, granting the attacker unrestricted access to system resources. This represents a high‑impact escalation of privileges that could lead to full system compromise if exploited.

Affected Systems

The affected product is NAVER MYBOX Explorer for Windows, specifically all releases before version 3.0.11.160. Users running these legacy versions are at risk until the updated release is deployed.

Risk and Exploitability

The CVSS score is 7.8, indicating high impact. The EPSS score is less than 1%, suggesting a low probability of public exploitation. The vulnerability is not listed in the CISA KEV catalog, indicating no confirmed widespread exploitation yet. However, the attack vector is local, meaning the attacker must already have physical or remote access to the target machine. If an attacker can become a local user, the privilege escalation can be achieved by modifying the relevant registry entries, bypassing normal access controls.

Generated by OpenCVE AI on May 8, 2026 at 20:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest NAVER MYBOX Explorer update (v3.0.11.160 or later) to remove the privilege escalation flaw.
  • Configure the security policy to deny local users write access to the registry key(s) exploited by MYBOX Explorer, or use application control to restrict registry modifications.
  • Ensure that local user accounts do not have administrative privileges and enable auditing of registry changes to detect unauthorized activity.

Generated by OpenCVE AI on May 8, 2026 at 20:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Naver
Naver mybox Explorer
Vendors & Products Naver
Naver mybox Explorer

Mon, 11 May 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Navercorp
Navercorp mybox
CPEs cpe:2.3:a:navercorp:mybox:*:*:*:*:*:windows:*:*
Vendors & Products Navercorp
Navercorp mybox

Fri, 08 May 2026 21:00:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Registry Manipulation in NAVER MYBOX Explorer for Windows

Fri, 08 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 08 May 2026 06:45:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Registry Manipulation in NAVER MYBOX Explorer for Windows

Fri, 08 May 2026 05:00:00 +0000

Type Values Removed Values Added
Description NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks.
Weaknesses CWE-266
References

Subscriptions

Naver Mybox Explorer
Navercorp Mybox
cve-icon MITRE

Status: PUBLISHED

Assigner: naver

Published:

Updated: 2026-05-08T17:59:41.775Z

Reserved: 2026-05-08T04:24:32.155Z

Link: CVE-2026-8148

cve-icon Vulnrichment

Updated: 2026-05-08T17:59:29.277Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-08T05:16:12.030

Modified: 2026-05-11T12:59:38.827

Link: CVE-2026-8148

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T16:00:20Z

Weaknesses