CVE-2022-31262

HIGH

GOG Galaxy 2.0.46 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-31262. PoCs published by secure-77.

AI-analyzed exploit summary This repository contains a working local privilege escalation (LPE) exploit for CVE-2022-31262, targeting GOG Galaxy versions 2.0.46 to 2.0.51. The exploit leverages insecure folder permissions to hijack the GalaxyCommunication service and spawn a SYSTEM-level command shell.

Description

An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.

Exploits (1)

nomisec WORKING POC 5 stars
by secure-77 · poc
https://github.com/secure-77/CVE-2022-31262

This repository contains a working local privilege escalation (LPE) exploit for CVE-2022-31262, targeting GOG Galaxy versions 2.0.46 to 2.0.51. The exploit leverages insecure folder permissions to hijack the GalaxyCommunication service and spawn a SYSTEM-level command shell.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: GOG Galaxy 2.X (2.0.46 - 2.0.51)
Auth required
Prerequisites: Local access to the target system · GOG Galaxy installed and running · Insecure folder permissions on GOG Galaxy directories
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
https://secure77.de/category/subjects/researches/
Exploit, Third Party Advisory x_refsource_misc
https://secure77.de/gog-galaxy-cve-2022-31262/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/secure-77/CVE-2022-31262
Exploit, Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=Bgdbx5TJShI

Scores

CVSS v3 7.8
EPSS 0.0048
EPSS Percentile 37.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-281
Status published
Products (1)
gog/galaxy 2.0.46 - 2.0.51
Published Aug 17, 2022
Tracked Since Feb 18, 2026