Cyber Resilience

CVE-2022-46330

High

Published: 21 December 2022

Modified: 16 April 2025
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0020 (41.5th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-46330 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Squirrel.Windows (vendor: Squirrel.Windows Project). Its CVSS base score is 7.8 (High).

Operationally, it is ranked at the 41.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: squirrel.windows project
Product: squirrel.windows
Affected versions: ≤ 2.0.1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References