OnlyOffice Desktop Editors: File Access with Elevated Privileges

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.2

OnlyOffice Desktop Editors: File Access with Elevated Privileges

CVE-2026-41030

Summary

The update service in OnlyOffice Desktop Editors has a security weakness that could allow an attacker to access and modify files with elevated privileges. This could potentially lead to unauthorized changes to sensitive files. To fix this issue, upgrade to version 9.3.0 or later.

Original title

In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.

Original description

In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.

nvd CVSS3.1 6.2

Vulnerability type

CWE-669

https://github.com/ONLYOFFICE/DesktopEditors/blob/master/CHANGELOG.md

Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026