CVE-2026-40031

Summary

MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An attacker who places a malicious DLL or shared library in the working directory or manipulates LD_LIBRARY_PATH can achieve arbitrary code execution when MemProcFS loads.

Affected Software

VendorProductVersion RangeStatus
ufriskMemProcFS0 <= 5.16.12affected
ufriskMemProcFS5.17.0unaffected
ufriskMemProcFSdf80e6e83641f5004025ce661e6dd8139028d7b5unaffected

Weaknesses

  • CWE-427: Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References