Vulnerability in ONLYOFFICE DesktopEditors Affects File Security
CVE-2026-41030

6.2MEDIUM

Key Information:

Vendor: Ascensio
Status: Onlyoffice Desktopeditors
Vendor: CVE Published:; 16 April 2026

What is CVE-2026-41030?

A vulnerability in ONLYOFFICE DesktopEditors prior to version 9.3.0 allows attackers to leverage the update service to execute actions on files with elevated SYSTEM privileges, potentially compromising file integrity and security. This flaw highlights the importance of keeping software updated to mitigate risks related to unauthorized access.

Affected Version(s)

ONLYOFFICE DesktopEditors 0 < 9.3.0

References

https://github.com/ONLYOFFICE/DesktopEditors/blob/master/...

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2026
Vulnerability Reserved
Apr 16, 2026

CVE-2026-41030 Data

JSON

Ascensio

What is CVE-2026-41030?

Affected Version(s)

References

CVSS V3.1

Timeline