CVE-2026-42171
NSIS 3.06.1 before 3.12 is affected: it may use the Low IL temp directory when running as SYSTEM, enabling local privilege escalation if my_GetTempFileName returns 0. Root cause is in the temp file handling, with a potential path-based abuse. Impact is local elevation of privileges with HIGH conf...