CVEFinder.io

CVE-2026-42881

🔶 medium
🔍 Scan for this CVE
Summary

STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run the "Export HTML" action. This vulnerability is fixed in 1.2.7.

CVSS Score
-
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-14
First Seen: 2026-05-17
🎯 CISA SSVC Assessment Updated: May 14, 2026
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-05-14
Source NVD 🔗
CVSS Vector 4.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)
CWE-22 CWE-73

📦 Affected Products 0

No affected products information available

🔗 References 3

https://github.com/squinky86/STIGQter/security/advis...
https://www.bitwizemusic.com/security/advisories/bve...
https://www.bitwizemusic.com/security/advisories/bve...