Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
Synology Presto Client: Local Files Can Be Read or Written During Installation
CVE-2026-3091
Summary
A security issue in Synology Presto Client versions prior to 2.1.3-0672 allows a local user to access and modify files on the system by placing a malicious file in the same directory as the installer. This could potentially allow unauthorized access to sensitive data. To protect your system, update to the latest version of Synology Presto Client.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| synology | presto_client | <= 2.1.3-0672 | – |
Original title
An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in a...
Original description
An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in advance in the same directory as the installer.
nvd CVSS3.1
7.1
Vulnerability type
CWE-427
Uncontrolled Search Path Element
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026