CVE-2026-41030 PUBLISHED

Assigner: mitre
Reserved: 16.04.2026 Published: 16.04.2026 Updated: 16.04.2026

In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 6.2

Product Status

Vendor Ascensio
Product ONLYOFFICE DesktopEditors
Versions Default: unaffected
  • affected from 0 to 9.3.0 (excl.)

References

Problem Types

  • CWE-669 Incorrect Resource Transfer Between Spheres CWE