{"api_version":"1","generated_at":"2026-04-23T02:25:11+00:00","cve":"CVE-2021-41526","urls":{"html":"https://cve.report/CVE-2021-41526","api":"https://cve.report/api/cve/CVE-2021-41526.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-41526","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-41526"},"summary":{"title":"CVE-2021-41526","description":"A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.","state":"PUBLIC","assigner":"PSIRT-CNA@flexerasoftware.com","published_at":"2023-03-29 21:15:00","updated_at":"2023-04-06 19:34:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md","name":"https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md","refsource":"MISC","tags":[],"title":"Vulnerability-Disclosures/MNDT-2021-0011.md at master · mandiant/Vulnerability-Disclosures · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message","name":"https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message","refsource":"CONFIRM","tags":[],"title":"CVE-2021-41526: Privilege escalation vulnerability during MSI repair – for the MSI built with Instal... - Community","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-41526","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41526","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"41526","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"flexera","cpe5":"revenera_installshield","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"41526","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"flexera","cpe5":"revenera_installshield","cpe6":"2021","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"41526","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"flexera","cpe5":"revenera_installshield","cpe6":"2021","cpe7":"r1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-41526","ASSIGNER":"PSIRT-CNA@flexerasoftware.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"description":{"description_data":[{"lang":"eng","value":"A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message","refsource":"CONFIRM","url":"https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message"},{"name":"https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md","refsource":"MISC","url":"https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md"}]}},"nvd":{"publishedDate":"2023-03-29 21:15:00","lastModifiedDate":"2023-04-06 19:34:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:flexera:revenera_installshield:2021:r1:*:*:*:windows:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:flexera:revenera_installshield:*:*:*:*:*:windows:*:*","versionEndExcluding":"2021","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:flexera:revenera_installshield:2021:-:*:*:*:windows:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"41526","Ordinal":"217320","Title":"CVE-2021-41526","CVE":"CVE-2021-41526","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"41526","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}