CVE-2026-11958

Vulnerability Description

Local privilege escalation by loading DLLs from a shared temporary directory in ANSSI’s DFIR-ORC, versions 10.2.7 and prior. An attacker with prior access to the system, can place a malicious DLL in C:\Windows\Temp and wait for the application to be executed. Because DFIR-ORC is extracted and executed from that location with administrative privileges, the malicious library can be loaded automatically, allowing the attacker to gain administrator privileges on the affected machine.

Vulnerability Details

Published Date

June 18, 2026

Last Modified

June 18, 2026

CWE ID

CWE-427

Source

NVD

Vendor

ANSSI

Product

DFIR-ORC

External References

https://github.com/DFIR-ORC/dfir-orc/releases/tag/v10.3.0
https://www.incibe.es/en/incibe-cert/notices/aviso/local-privilege-escalation-anssis-dfir-orc

CVE-2026-11958

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment