CVE-2026-41030 MEDIUM

CVE-2026-41030

Vendor Ascensio
Product ONLYOFFICE DesktopEditors
Weakness CWE-669
Published April 16, 2026
Last update April 16, 2026

CVSS base score

6.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.

Key dates

02Disclosure timeline

April 16, 2026 CVE published
April 16, 2026 Record updated