Primary

Context

Synology Presto Client Uncontrolled Search Path Element Vulnerability Allowing Arbitrary File Access

Vulnerability

A vulnerability allowing uncontrolled search path elements has been identified in Synology Presto Client versions prior to 2.1.3-0672. This vulnerability allows local users to read or write arbitrary files during the installation process by placing a malicious DLL in the same directory as the installer.

Impact

Exploitation of this vulnerability could lead to unauthorized reading or writing of files on the local system.

Remediation

Users are advised to upgrade to Synology Presto Client version 2.1.3-0672 or above.

Added: Feb 24, 2026, 3:19 AM

Updated: Feb 24, 2026, 3:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

2.6

remediation

0.0

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

2.6

remediation

0.0

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Synology Presto Client Uncontrolled Search Path Element Vulnerability Allowing Arbitrary File Access

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating