CVE-2026-30266

High

Published: 20 April 2026

Published

20 April 2026

Modified

27 April 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0002 4.5th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-30266 is a high-severity Insecure Inherited Permissions (CWE-277) vulnerability in Deepcool Deepcreative. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 4.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious File (T1204.002). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations for access to files and resources in DeepCreative, directly preventing local attackers from exploiting insecure permissions to execute arbitrary code via crafted files.

AC-6 Least Privilege good match

prevent

Employs least privilege for DeepCreative processes, ensuring minimal permissions that mitigate arbitrary code execution from insecure file permissions even if exploited.

CM-6 Configuration Settings good match

prevent

Establishes secure configuration settings for file permissions in DeepCreative, addressing CWE-277 by restricting access to prevent crafted file-based code execution.

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution

An adversary may rely upon a user opening a malicious file in order to gain execution.

attack.mitre.org →

Why these techniques?

Insecure permissions vulnerability enables local arbitrary code execution when a user opens a crafted file (UI:R), directly mapping to malicious file user execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.12 and before allows a local attacker to execute arbitrary code via a crafted file

Deeper analysisAI

CVE-2026-30266 is an Insecure Permissions vulnerability (CWE-277) in DeepCool DeepCreative version 1.2.12 and prior versions. Published on 2026-04-20, it allows a local attacker to execute arbitrary code via a crafted file. The issue carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), reflecting high severity due to its potential for significant impact.

Exploitation requires local access to the system with no privileges (PR:N), low attack complexity, and user interaction such as opening the crafted file. A successful attack grants the attacker high-level access to confidentiality, integrity, and availability, enabling arbitrary code execution that could result in full compromise of the affected system.

Vendor sites at http://deepcool.com and http://deepcreative.com, along with research at https://github.com/uncle-hash/vulnerability-research/tree/main/CVE-2026-30266, provide further details on the vulnerability.

Details

CWE(s): CWE-277

Affected Products

deepcool

deepcreative

≤ 1.2.12

CVEs Like This One

CVE-2025-37174Shared CWE-277

References

http://deepcool.com
Product · cve@mitre.org
http://deepcreative.com
Broken Link · cve@mitre.org
https://github.com/uncle-hash/vulnerability-research/tree/main/CVE-2026-30266
Third Party Advisory · cve@mitre.org