CVE-2026-41030

Medium

In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.

mitre·CWE-669·Published 2026-04-16

CVSS

6.2

EPSS

0.00

KEV

Exploits

cve.orgen

130 chars

In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.

NVDen

130 chars

In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	6.2	—	—	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	NVD	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H