Local Code Execution Vulnerability in STIGQter by Squinky86
CVE-2026-42881

8.4HIGH

Key Information:

Vendor: Squinky86
Status: Stigqter
Vendor: CVE Published:; 14 May 2026

What is CVE-2026-42881?

STIGQter, an open-source reimplementation of DISA's STIG Viewer, is susceptible to a local code execution vulnerability. Versions from 0.1.2 up to but not including 1.2.7 could allow an attacker to execute arbitrary code with the privileges of the user running the application. This can occur through user interaction, where the victim must open a crafted .stigqter file and trigger the 'Export HTML' action. The vulnerability underscores the importance of caution with user-uploaded files and highlights the need for secure coding practices to mitigate such risks.

Affected Version(s)

STIGQter >= 0.1.2, < 1.2.7

References

https://github.com/squinky86/STIGQter/security/advisories...

x_refsource_CONFIRM

https://www.bitwizemusic.com/security/advisories/bve-2026...

x_refsource_MISC

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2026
Vulnerability Reserved
Apr 30, 2026

CVE-2026-42881 Data

JSON