Instituto Nacional de Ciberseguridad. INCIBE-CERT section

CVE-2026-6645

CVSS v4.0 severity:
HIGH
Type:
CWE-427 Uncontrolled Search Path Element
Publication date:
22/06/2026
Last modified:
23/06/2026

Description

An insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level system privileges, attempts to perform an internal validation check by invoking a secondary system utility using an unqualified file reference.

Because the application does not specify an absolute path to this utility, it relies on the operating system's default search order to locate the executable. Under specific conditions, a local attacker with the ability to modify directories within the system's search path could plant a malicious binary that mimics the expected utility. This could result in the malicious code being executed with SYSTEM privileges, leading to a full compromise of the affected host.
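A host-side check for the precondition the description names, as an added example (not PaperCut or INCIBE-CERT code): this PowerShell script lists machine-wide PATH directories that are missing or that grant create/write rights to principals outside a trusted set. It covers only the PATH portion of the Windows search order, and the trusted SID list is an assumption to adjust for the environment.

```powershell
# Added example: audit machine-wide PATH entries for CWE-427 exposure.
# Assumption: only these well-known SIDs should be able to write to PATH directories.
$trustedSids = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that let a principal place or swap a file in the directory itself.
$writeMask = [System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, ChangePermissions, TakeOwnership'
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType = [System.Security.Principal.SecurityIdentifier]

$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')

$findings = foreach ($entry in ($machinePath -split ';')) {
    $dir = [Environment]::ExpandEnvironmentVariables($entry.Trim().Trim('"'))
    if (-not $dir) { continue }

    # A PATH entry that does not exist can be created by whoever may write to its parent.
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        [pscustomobject]@{ Directory = $dir; Principal = '-'; Rights = 'missing: review parent ACL' }
        continue
    }

    $acl = Get-Acl -LiteralPath $dir
    # Ask for SIDs rather than names so the check is independent of the OS display language.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to children, not to this directory.
        if ($rule.PropagationFlags -band $inheritOnly) { continue }
        if (-not ($rule.FileSystemRights -band $writeMask)) { continue }
        $sid = $rule.IdentityReference.Value
        if ($trustedSids -contains $sid) { continue }

        # Resolve the SID to a readable name when possible; keep the SID otherwise.
        $name = try { $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $sid }
        [pscustomobject]@{ Directory = $dir; Principal = $name; Rights = $rule.FileSystemRights }
    }
}

$findings | Sort-Object Directory, Principal | Format-Table -AutoSize -Wrap
```

Any row in the output is a directory where a non-administrative account could place an executable that a privileged process resolving an unqualified name might pick up.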

References to solutions, tools and information