Primary

Context

ONLYOFFICE DesktopEditors Privilege Escalation Vulnerability in Update Service

Vulnerability

A vulnerability in the update service of ONLYOFFICE DesktopEditors versions prior to 9.3.0 allows attackers to perform actions on files with SYSTEM privileges. This issue could be exploited to manipulate files or data at a high privilege level, potentially leading to unauthorized changes or access.

Impact

Exploitation of this vulnerability could result in unauthorized actions being performed on files with SYSTEM privileges, allowing for significant manipulation or access to sensitive data or functions.

Remediation

Users can update to ONLYOFFICE DesktopEditors version 9.3.0 or later, where this vulnerability has been fixed.

Added: Apr 16, 2026, 7:28 AM

Updated: Apr 16, 2026, 7:28 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.8

exploitability

3.3

remediation

0.0

relevance

6.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.8

exploitability

3.3

remediation

0.0

relevance

6.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ONLYOFFICE DesktopEditors Privilege Escalation Vulnerability in Update Service

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating