Cyber Posture

CVE-2026-23755

HighPublic PoC

Published: 21 January 2026

Published
21 January 2026
Modified
30 January 2026
KEV Added
Patch
CVSS Score 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0001 3.2th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-23755 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Dlink D-View 8. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL Side-Loading (T1574.002); ranked at the 3.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to DLL Side-Loading (T1574.002).
Threat & Defense Details

MITRE ATT&CK Enterprise TechniquesAI

T1574.002 DLL Side-Loading Stealth
Adversaries may execute their own malicious payloads by side-loading DLLs.
attack.mitre.org →
Why these techniques?

Uncontrolled search path in elevated installer directly enables DLL side-loading (T1574.002) for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply…

more

a malicious version.dll alongside the legitimate installer so that, when a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges. This can lead to full system compromise.

Deeper analysisAI

CVE-2026-23755 is an uncontrolled search path vulnerability (CWE-427) in the installer component of D-Link D-View 8 versions 2.0.1.107 and below. When the installer is executed with elevated privileges through User Account Control (UAC), it attempts to load version.dll from its current execution directory rather than a secure path, enabling DLL preloading attacks.

A local attacker with low privileges can exploit this by placing a malicious version.dll file alongside the legitimate installer executable. If a victim user runs the installer and approves the UAC prompt for elevation, the malicious DLL loads and executes attacker-controlled code with administrator privileges, resulting in high-impact confidentiality, integrity, and availability violations that can lead to full system compromise.

D-Link and VulnCheck advisories provide guidance on mitigations: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10471 and https://www.vulncheck.com/advisories/dlink-dview-8-installer-dll-preloading-via-uncontrolled-search-path.

Details

CWE(s)
CWE-427

Affected Products

dlink
d-view 8
≤ 2.0.1.107

CVEs Like This One

CVE-2026-23754Same product: Dlink D-View 8
CVE-2026-5397Shared CWE-427
CVE-2024-9493Shared CWE-427
CVE-2024-57963Shared CWE-427
CVE-2025-21127Shared CWE-427
CVE-2024-57964Shared CWE-427
CVE-2026-2713Shared CWE-427
CVE-2024-57426Shared CWE-427
CVE-2026-1506Same vendor: Dlink
CVE-2025-70219Same vendor: Dlink

References