CVE-2026-32679
Published: 23 April 2026
Summary
CVE-2026-32679 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Liveon Canonnwcamplugin.Exe. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 5.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-25138
Vulnerability details
The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe) insecurely load Dynamic Link Libraries (DLLs). If a malicious DLL is placed at the same directory, the affected…
more
installer may load that DLL and execute its code with the privilege of the user invoking the installer.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE directly describes insecure DLL loading (CWE-427) in installers, enabling DLL Search Order Hijacking when a malicious DLL is placed in the same directory.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.