CVE-2026-42171 | Nullsoft Scriptable Install System up to 3.11 my_GetTempFileName uncontrolled search path

A vulnerability marked as problematic has been reported in Nullsoft Scriptable Install System up to 3.11. Impacted is the function my_GetTempFileName. The manipulation leads to uncontrolled search path.

This vulnerability is listed as CVE-2026-42171. The attack must be carried out locally. There is no available exploit.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More