CVE-2021-20726

HIGH

Overwolf <2.168.0.n - Privilege Escalation

Title source: llm

Description

Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory.

References (2)

[Third Party Advisory] https://jvn.jp/en/jp/JVN78254777/index.html

[Vendor Advisory] https://www.overwolf.com/

Scores

CVSS v3 7.8

EPSS 0.0008

EPSS Percentile 22.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

overwolf/overwolf < 2.168.0.n

Timeline

Published May 24, 2021

Tracked Since Feb 18, 2026