Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
NoMachine Privilege Escalation Risk on Local Machines
CVE-2026-5054
Summary
NoMachine users are at risk of having their system compromised by unauthorized access if an attacker can run low-privileged code on the same machine. This can happen if the NoMachine software does not properly validate certain input paths. To mitigate this risk, update NoMachine to the latest version available.
Original title
NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacke...
Original description
NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the handling of command line parameters. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-28630.
The specific flaw exists within the handling of command line parameters. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-28630.
nvd CVSS3.0
7.8
Vulnerability type
CWE-73
Published: 11 Apr 2026 · Updated: 11 Apr 2026 · First seen: 11 Apr 2026