Cyber Resilience

CVE-2026-2713 (Severity: High)

Published: 10 March 2026
Modified: 02 April 2026
KEV Added: not listed
CVSS Score (v3.1): 7.4 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0015 (4.3rd percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-2713 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in IBM Trusteer Rapport. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Hijack Execution Flow: DLL (T1574.001). The CVE is ranked at the 4.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-7 (Software, Firmware, and Information Integrity).

Deeper analysis

CVE-2026-2713 is a DLL uncontrolled search path element vulnerability (CWE-427) affecting the IBM Trusteer Rapport installer, version 3.5.2309.290. Published on 2026-03-10, the flaw allows a local attacker to execute arbitrary code on the system because the installer does not control the paths from which it loads DLLs.

A local attacker with no privileges (PR:N) can exploit this vulnerability by placing a specially crafted file in a compromised folder that the installer searches during execution. Exploitation requires local access (AV:L) and high attack complexity (AC:H) but no user interaction (UI:N), and can achieve high impact on confidentiality, integrity, and availability (C:H/I:H/A:H) through arbitrary code execution, as reflected in the CVSS 7.4 score (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Mitigation details are available in the IBM security advisory at https://www.ibm.com/support/pages/node/7263031.

Vulnerability details

IBM Trusteer Rapport installer 3.5.2309.290 could allow a local attacker to execute arbitrary code on the system, caused by a DLL uncontrolled search path element vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system.

MITRE ATT&CK Enterprise Techniques

T1574.001 DLL (Stealth)
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.

Why these techniques?

The CVE describes a CWE-427 uncontrolled DLL search path in the installer that is exploited directly by placing a malicious DLL where it will be side-loaded, enabling local arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2025-21127 (same product: Apple macOS)
- CVE-2022-28339 (same product: Microsoft Windows)
- CVE-2024-55543 (same product: Microsoft Windows)
- CVE-2025-57836 (same product: Microsoft Windows)
- CVE-2024-55540 (same product: Microsoft Windows)
- CVE-2025-33229 (same product: Microsoft Windows)
- CVE-2025-21206 (same vendor: Microsoft)
- CVE-2026-5397 (shared CWE-427)
- CVE-2024-55898 (same vendor: IBM)
- CVE-2024-57963 (shared CWE-427)

Affected Assets

Vendor: IBM
Product: Trusteer Rapport
Version: 3.5.2309.290

Mitigating Controls (NIST 800-53 r5)

SI-7 Software, Firmware, and Information Integrity (prevent): Requires cryptographic or integrity verification of executable components (DLLs) before loading, directly blocking the crafted DLL in the uncontrolled search path.

CM-14 Signed Components (prevent): Mandates use of signed components, preventing the installer from executing an attacker-placed unsigned or mismatched DLL.

Malicious-code protection (prevent, detect): Deploys malicious-code detection mechanisms that can identify and block the specially crafted DLL before the installer loads it.
