Description
NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks.
Published: 2026-05-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NAVER MYBOX Explorer for Windows versions prior to 3.0.11.160 contain a flaw that enables a local attacker to elevate privileges to NT AUTHORITY\SYSTEM by manipulating the registry. The vulnerability arises from improper privilege checks that allow changes to registry keys controlling application behavior, granting the attacker unrestricted access to system resources. This represents a high‑impact escalation of privileges that could lead to full system compromise if exploited.

Affected Systems

The affected product is NAVER MYBOX Explorer for Windows, specifically all releases before version 3.0.11.160. Users running these legacy versions are at risk until the updated release is deployed.

Risk and Exploitability

The CVSS score is not provided, but the absence of an EPSS score suggests limited publicly known exploitation. The vulnerability is not listed in the CISA KEV catalog, indicating no confirmed widespread exploitation yet. However, the attack vector is local, meaning the attacker must already have physical or remote access to the target machine. If an attacker can become a local user, the privilege escalation can be achieved by modifying the relevant registry entries, bypassing normal access controls.

Generated by OpenCVE AI on May 8, 2026 at 06:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest NAVER MYBOX Explorer update (v3.0.11.160 or later) to remove the privilege escalation flaw.
  • Configure the security policy to deny local users write access to the registry key(s) exploited by MYBOX Explorer, or use application control to restrict registry modifications.
  • Ensure that local user accounts do not have administrative privileges and enable auditing of registry changes to detect unauthorized activity.

Generated by OpenCVE AI on May 8, 2026 at 06:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 08 May 2026 06:45:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Registry Manipulation in NAVER MYBOX Explorer for Windows

Fri, 08 May 2026 05:00:00 +0000

Type Values Removed Values Added
Description NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks.
Weaknesses CWE-266
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: naver

Published:

Updated: 2026-05-08T04:36:12.538Z

Reserved: 2026-05-08T04:24:32.155Z

Link: CVE-2026-8148

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-08T05:16:12.030

Modified: 2026-05-08T05:16:12.030

Link: CVE-2026-8148

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T06:30:46Z

Weaknesses