PT-2026-27282 · Beeware · Briefcase

Published: 2026-03-23 · Updated: 2026-03-27 · CVE-2026-33430

CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Briefcase versions 0.3.0 through 0.3.25

Description
Briefcase, a tool for converting Python projects into standalone native applications, has an issue where the installation process for Windows MSI installers, when set to install for All Users, creates a directory inheriting permissions from its parent. This could allow a low-privilege authenticated user to modify installed binaries. If an administrator subsequently runs these altered binaries, they will execute with elevated privileges. The problem stems from the template used to generate the Windows WXS file.

Recommendations
Briefcase versions 0.3.0 through 0.3.25: Re-run briefcase create on your project to utilize the updated templates.
Briefcase versions 0.3.24 through 0.3.25: Apply the patch from beeware/briefcase-windows-app-template#86 to your existing Briefcase .wxs file.
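
To check whether an already-deployed install is exposed in the way the description states, the following added example (not part of the advisory or of Briefcase) lists every allow ACE on the install directory and its contents that gives a non-administrative principal write-class rights. The install path is a placeholder and the list of trusted SIDs is an assumption to adjust for your environment; rows with Inherited = True are permissions picked up from the parent directory.

```powershell
param(
    # Placeholder: set to the directory the MSI installed the app into.
    [string]$InstallDir = 'C:\Path\To\InstalledApp'
)

# Assumption: only these SIDs are expected to hold write access.
$trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (placeholder ACE, resolved when a child is created)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow changing, replacing or re-permissioning a file.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear unmapped in inherit-only ACEs.
$mask = $writeBits -bor 0x50000000

# The install directory itself plus everything beneath it.
$items = @(Get-Item -LiteralPath $InstallDir -Force) +
         @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force)

$sidType = [System.Security.Principal.SecurityIdentifier]
$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    if (-not $acl) { continue }   # ACL could not be read; the error is already shown
    # Explicit and inherited rules, with identities returned as SIDs (locale independent).
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $item.FullName
            Sid       = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

$findings | Format-Table -AutoSize
# Non-zero exit code so the check can gate a deployment or compliance job.
if ($findings) { exit 1 }
```

An empty result means no principal outside the trusted list can alter the installed files; any row for a broad group such as BUILTIN\Users (S-1-5-32-545) or Authenticated Users (S-1-5-11) matches the condition the description warns about.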

Exploit

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2026-33430
GHSA-R3R2-35V9-V238
PYSEC-2026-27

Affected Products

Briefcase