What is CVE-2026-5055?

CVE-2026-5055 is a high-severity vulnerability in Nomachine, classified under Uncontrolled Search Path Element. CVSS score: 7.8/10. Published 2026-04-11.

How severe is CVE-2026-5055?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Nomachine

CVE-2026-5055

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to exe…

EPSS: 0.000 (5.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Nomachine — versions 9.2.18_1

Weakness classification (CWE)

CWE-427 — Uncontrolled Search Path Element

References

ZDI-26-249 (x_research-advisory)

Frequently asked questions

What is CVE-2026-5055?: CVE-2026-5055 is a high-severity vulnerability in Nomachine, classified under Uncontrolled Search Path Element. CVSS score: 7.8/10. Published 2026-04-11.
How severe is CVE-2026-5055?: High severity. CVSS v3 base score is 7.8 out of 10.