CVE-2026-2713
Published: 10 March 2026
Summary
CVE-2026-2713 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in IBM Trusteer Rapport. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique DLL Side-Loading (T1574.002). It ranks at the 1.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The CVE describes a CWE-427 uncontrolled DLL search path in the installer, which is exploited by placing a malicious DLL for side-loading, enabling local arbitrary code execution.
NVD Description
IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer Rapport could allow a local attacker to execute arbitrary code on the system, caused by DLL uncontrolled search path element vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Deeper analysis (AI)
CVE-2026-2713 is a DLL uncontrolled search path element vulnerability (CWE-427) affecting the IBM Trusteer Rapport installer version 3.5.2309.290. Published on 2026-03-10, this flaw in IBM Trusteer Rapport enables a local attacker to execute arbitrary code on the system due to improper handling of DLL loading paths.
A local attacker with no privileges (PR:N) can exploit this vulnerability by placing a specially crafted file in a compromised folder that the installer searches during execution. Exploitation requires local access (AV:L) and high attack complexity (AC:H) with no user interaction (UI:N), potentially achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) via arbitrary code execution, as scored at CVSS 7.4 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Mitigation details are available in the IBM security advisory at https://www.ibm.com/support/pages/node/7263031.
Details
- CWE(s)