Local Privilege Escalation in ANSSI DFIR-ORC by Loading DLLs
CVE-2026-11958

7.3HIGH

Key Information:

Vendor: Anssi
Status: Dfir-orc
Vendor: CVE Published:; 18 June 2026

What is CVE-2026-11958?

A local privilege escalation vulnerability exists in ANSSI's DFIR-ORC, versions 10.2.7 and earlier. This flaw allows an attacker who has prior access to the system to exploit a shared temporary directory to load a malicious DLL from C:\Windows\Temp. As DFIR-ORC is executed with administrative privileges from this directory, the attacker can gain elevated permissions, potentially compromising the security of the affected machine. Immediate action is advised to mitigate this risk.

Affected Version(s)

DFIR-ORC 0 <= 10.2.7

DFIR-ORC 10.3.0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/local-...

patch

https://github.com/DFIR-ORC/dfir-orc/releases/tag/v10.3.0

vendor-advisorypatch

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2026
Vulnerability Reserved
Jun 11, 2026

Credit

Rémi Delabrosse

Nicolas Rodrigues

CVE-2026-11958 Data

JSON

Anssi

What is CVE-2026-11958?

Affected Version(s)

References

CVSS V4

Timeline

Credit