Primary

Context

NREL BEopt DLL Hijacking Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A DLL hijacking vulnerability has been identified in NREL BEopt version 2.8.0.0, as well as in versions 2.7.0.0 and 2.6.0.1. This vulnerability arises from the application loading dynamic-linked libraries (DLLs) in an insecure manner, specifically 'sdl2.dll' and 'libegl.dll'. Attackers can exploit this vulnerability by persuading users to open .BEopt files located on remote WebDAV or SMB shares, which can lead to the execution of arbitrary code on the user's system.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Reproduction

To reproduce this vulnerability, place a malicious DLL file named 'sdl2.dll' or 'libegl.dll' on a WebDAV or SMB share. Then, trick the user into opening a .BEopt file that is configured to load the malicious DLL from the remote share. Once the file is opened, the malicious code will be executed on the user's system.

Added: Jan 8, 2026, 12:37 AM

Updated: Jan 8, 2026, 12:37 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.8

remediation

0.0

relevance

1.9

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.8

remediation

0.0

relevance

1.9

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NREL BEopt DLL Hijacking Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating