{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-41030", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-04-16T05:51:20.922Z", "datePublished": "2026-04-16T05:51:21.338Z", "dateUpdated": "2026-04-16T12:31:19.989Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ONLYOFFICE DesktopEditors", "vendor": "Ascensio", "versions": [{"lessThan": "9.3.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-669", "description": "CWE-669 Incorrect Resource Transfer Between Spheres", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-16T06:12:22.232Z"}, "references": [{"url": "https://github.com/ONLYOFFICE/DesktopEditors/blob/master/CHANGELOG.md"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T12:20:10.591911Z", "id": "CVE-2026-41030", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T12:31:19.989Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41030", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T12:20:10.591911Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T12:20:11.963Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ascensio", "product": "ONLYOFFICE DesktopEditors", "versions": [{"status": "affected", "version": "0", "lessThan": "9.3.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/ONLYOFFICE/DesktopEditors/blob/master/CHANGELOG.md"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-669", "description": "CWE-669 Incorrect Resource Transfer Between Spheres"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-16T06:12:22.232Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41030", "state": "PUBLISHED", "dateUpdated": "2026-04-16T12:31:19.989Z", "dateReserved": "2026-04-16T05:51:20.922Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-16T05:51:21.338Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges."}], "id": "CVE-2026-41030", "lastModified": "2026-04-17T15:38:09.243", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2026-04-16T07:16:30.660", "references": [{"source": "cve@mitre.org", "url": "https://github.com/ONLYOFFICE/DesktopEditors/blob/master/CHANGELOG.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-669"}], "source": "cve@mitre.org", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,9.3.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "ONLYOFFICE DesktopEditors", "source": "cna", "vendor": "Ascensio"}, "product": "onlyoffice_desktopeditors", "vendor": "ascensio"}], "analysis": {"en": {"generated_at": "2026-04-16T08:54:11.864133+00:00", "value": {"mitigation_remediation": ["Upgrade ONLYOFFICE DesktopEditors to version 9.3.0 or later.", "Disable automatic updates or limit updates to verified sources whenever possible.", "Monitor system for anomalous file modifications and enforce least privilege for software that manages updates."], "summary": {"action": "Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The affected vendor is Ascensio, product is ONLYOFFICE DesktopEditors. All builds before 9.3.0 are vulnerable. Users running any earlier version on any supported operating system are at risk.", "description_and_impact": "In ONLYOFFICE DesktopEditors versions prior to 9.3.0, the update service can be exploited to execute actions on files with SYSTEM privileges. This flaw is rooted in improper privilege management, allowing attackers who obtain the ability to influence the update process to elevate privileges or run code with elevated rights, undermining confidentiality, integrity, and availability of the system it runs on. The weakness is categorized as CWE-669.", "risk_and_exploitability": "The CVSS score of 6.2 indicates medium severity. EPSS data is unavailable, so current exploitation probability cannot be quantified, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves the update service; an attacker would need to supply a malicious update package or compromise the update server. Once triggered, the attacker could take actions with SYSTEM\u2011level privileges, making this a critical escalation vector in environments where the DesktopEditors service runs under privileged accounts."}}}}, "created": "2026-04-16T09:00:05.290350+00:00", "title": "Privilege Escalation via Update Service in ONLYOFFICE DesktopEditors", "updated": "2026-04-16T09:11:41.786390+00:00", "vendors": ["ascensio", "ascensio$PRODUCT$onlyoffice_desktopeditors"]}