PT-2026-21657 · Synology · Synology Presto Client
Sahil Shah · Published 2026-02-24 · Updated 2026-03-04 · CVE-2026-3091
CVSS v3.1: 7.1 High
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Synology Presto Client versions prior to 2.1.3-0672
Description
A flaw exists in Synology Presto Client that allows local users to read or write arbitrary files during installation. This occurs because of an uncontrolled search path element. An attacker can exploit this by placing a malicious DLL in the same directory as the installer before installation begins.
Recommendations
Update Synology Presto Client to version 2.1.3-0672 or later.
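Until the fixed version is deployed, the precondition in the description (a DLL sitting in the installer's directory) can be checked before the installer is run. The script below is an added example, not code from Synology or from this advisory; the `$InstallerPath` parameter is hypothetical, and it assumes Windows PowerShell 5.1 or later.

```powershell
# Added example: pre-run check for DLLs located beside an installer.
# $InstallerPath is a hypothetical parameter: the full path of the downloaded setup file.
param(
    [Parameter(Mandatory)]
    [string]$InstallerPath
)

$installer = Get-Item -LiteralPath $InstallerPath -ErrorAction Stop
$dir = $installer.DirectoryName

# The installer itself should carry a valid Authenticode signature.
$sig = Get-AuthenticodeSignature -LiteralPath $installer.FullName
if ($sig.Status -ne 'Valid') {
    Write-Warning "Installer signature status: $($sig.Status)"
}

# With an uncontrolled search path, any DLL in the installer's own directory
# may be loaded in place of the intended library, so every one is reported,
# signed or not.
$dlls = Get-ChildItem -LiteralPath $dir -Filter '*.dll' -File -ErrorAction SilentlyContinue

$findings = foreach ($dll in $dlls) {
    $dllSig = Get-AuthenticodeSignature -LiteralPath $dll.FullName
    [pscustomobject]@{
        Name      = $dll.Name
        Signature = $dllSig.Status
        Signer    = $dllSig.SignerCertificate.Subject   # empty when unsigned
        Modified  = $dll.LastWriteTime
        SHA256    = (Get-FileHash -LiteralPath $dll.FullName -Algorithm SHA256).Hash
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning "$(@($findings).Count) DLL(s) found next to the installer in $dir."
    Write-Warning "Copy the installer alone into a new, empty directory and run it from there."
    exit 1
}

Write-Output "No DLLs found next to $($installer.Name)."
exit 0
```

A non-zero exit code means the directory should be reviewed before installation; shared download folders are where this check most often reports something.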
Fix
Uncontrolled Search Path Element
Weakness Enumeration
Related Identifiers
Affected Products
Synology Presto Client