Knowledge Base
All KB
Documents DT Documents
Articles & FAQs AR Articles
Trouble Reports TR Trouble Reports
Software Updates SU Software Updates
Searching in : Trouble report
ID:TR02X11710
Added on: 2026-02-09
Last Update: 2026-04-16
Solved in version: 9.4.14 and 8.22.1
Platform: All Platforms
Product: NoMachine Server
Severity: Minor
Status: Solved
Print this article

Possible arbitrary deletion of files by exploiting the NoMachine environment variable for Kerberos cache path (CVE-2026-5053)

The following problem has been reported by https://www.zerodayinitiative.com/advisories/ZDI-26-247/ and assigned CVE-2026-5053.

A malicious attempt could exploit the Kerberos cache path variable set by NoMachine in the environment to delete arbitrary files.

This issue affected NoMachine v9 and v8. It is now fixed in v9.4.14 https://kb.nomachine.com/SU03X00271 and v8.22.1 https://kb.nomachine.com/SU04X00273.

 

 

SOLVED, Released in version 9.4.14 and 8.22.1