Knowledge Base
All KB
Documents DT Documents
Articles & FAQs AR Articles
Trouble Reports TR Trouble Reports
Software Updates SU Software Updates
Searching in : Trouble report
ID:TR01X11689
Added on: 2026-01-14
Last Update: 2026-04-16
Solved in version: 9.4.14 and 8.22.1
Platform: All Windows Platforms
Product: NoMachine Client
Severity: Serious
Status: Solved
Print this article

Possible privileges escalation on Windows via named pipe impersonation (CVE-2026-5055)

The following problem has been reported by https://www.zerodayinitiative.com/advisories/ZDI-26-249/ and assigned with CVE-2026-5055

Users could exploit NoMachine programs to execute malicious DLLs by creating arbitrary mountpoints via named pipe impersonation.

This issue affected NoMachine v9 and v8. It is now fixed in v9.4.14 https://kb.nomachine.com/SU03X00271 and v8.22.1 https://kb.nomachine.com/SU04X00273.
 

 

 

 

 

SOLVED, Released in version 9.4.14 and 8.22.1