How severe is CVE-2022-26488?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2022-26488?

This is classified as CWE-426, which is a common weakness in software security.

CVE-2022-26488 - HIGH Severity | CVSS 7

Vulnerability Description

In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.

Related Vulnerabilities

CVE-2018-6218

HIGH

CVSS:7.0(High)

A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.

CWE-4262018

CVE-2021-29221

HIGH

CVSS:7.0(High)

A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of othe...

CWE-4262021

CVE-2023-28143

HIGH

CVSS:7.0(High)

Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) v...

CWE-4262023

CVE-2024-34123

HIGH

CVSS:7.0(High)

Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by ins...

CWE-4262024

CVE-2024-45207

HIGH

CVSS:7.0(High)

DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker plac...

CWE-4262024

CVE-2025-1353

HIGH

CVSS:7.0(High)

A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The manipulation leads to untrusted search pa...

CWE-4262025