CVE-2026-23755
Published: 21 January 2026
Summary
CVE-2026-23755 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Dlink D-View 8. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 3.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-7 (Software, Firmware, and Information Integrity).
Deeper analysis
CVE-2026-23755 is an uncontrolled search path vulnerability (CWE-427) in the installer component of D-Link D-View 8 versions 2.0.1.107 and below. When the installer is executed with elevated privileges through User Account Control (UAC), it attempts to load version.dll from its current execution directory rather than a secure path, enabling DLL preloading attacks.
A local attacker with low privileges can exploit this by placing a malicious version.dll file alongside the legitimate installer executable. If a victim user runs the installer and approves the UAC prompt for elevation, the malicious DLL loads and executes attacker-controlled code with administrator privileges, resulting in high-impact confidentiality, integrity, and availability violations that can lead to full system compromise.
D-Link and VulnCheck advisories provide guidance on mitigations: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10471 and https://www.vulncheck.com/advisories/dlink-dview-8-installer-dll-preloading-via-uncontrolled-search-path.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3606
Vulnerability details
D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply…
more
a malicious version.dll alongside the legitimate installer so that, when a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges. This can lead to full system compromise.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Uncontrolled search path in elevated installer directly enables DLL side-loading (T1574.002) for privilege escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires all loaded components (including version.dll) to be digitally signed, directly blocking the unsigned malicious DLL from being preloaded by the installer.
Verifies integrity of software and loaded modules at runtime, preventing execution of the attacker-supplied version.dll during the elevated installer process.
Deploys malicious-code detection mechanisms that can identify and block the rogue version.dll before it executes with administrator privileges.