CVE-2026-44612

HIGH

Bytello Share (Windows Edition) Installer Executable - Uncontrolled Search Path Element

Title source: rule

Description

Bytello Share (Windows Edition) installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer.

References (2)

Core 2

Core References

https://www.bytello.com/help/share/downloads

https://jvn.jp/en/jp/JVN98871848/

Scores

CVSS v3 7.8

EPSS 0.0012

EPSS Percentile 2.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-427

Status published

Products (1)

Bytello/Bytello Share (Windows Edition) installer executable prior to 5.13.0.4246

Published May 13, 2026

Tracked Since May 13, 2026