Scan free
Pending AnalysisCVE-2026-44612

CVE-2026-44612: DLL Hijacking in Bytello Share (Windows)

Platform

windows

Component

bytello-share

Fixed in

5.13.0.4246

View on NVD
Save

CVE-2026-44612 describes a DLL hijacking vulnerability affecting the Bytello Share (Windows Edition) installer executable. This flaw allows an attacker to execute arbitrary code with the privileges of the user installing the software. The vulnerability impacts versions prior to 5.13.0.4246, and a fix is available in version 5.13.0.4246.

Impact and Attack Scenarios

The core of this vulnerability lies in the insecure handling of Dynamic Link Libraries (DLLs) during the installation process. An attacker can exploit this by placing a malicious DLL file in the same directory as the Bytello Share installer. When the installer executes, it may load this crafted DLL instead of the intended one, leading to arbitrary code execution. This allows the attacker to gain control over the system with the privileges of the user performing the installation, potentially leading to data theft, system compromise, or further malicious activity. The blast radius is limited to the user account performing the installation, but could be significant depending on the user's privileges and access to sensitive data.

Exploitation Context

The vulnerability was published on 2026-05-13. Currently, there are no known public exploits or active campaigns targeting CVE-2026-44612. The vulnerability's severity is rated as HIGH (CVSS 7.8), indicating a significant potential for exploitation. It is not listed on KEV or EPSS at this time, but continued monitoring is advised.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureLow
Reports1 threat report

CISA SSVC

Exploitationnone
Automatableno
Technical Impacttotal

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H7.8HIGHAttack VectorLocalHow the attacker reaches the targetAttack ComplexityLowConditions required to exploitPrivileges RequiredNoneAuthentication level needed to attackUser InteractionRequiredWhether a victim must take actionScopeUnchangedImpact beyond the vulnerable componentConfidentialityHighRisk of sensitive data exposureIntegrityHighRisk of unauthorized data modificationAvailabilityHighRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Local — attacker needs a local shell or interactive session on the system.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
None — unauthenticated. No login or credentials needed to exploit.
User Interaction
Required — victim must take an action: open a file, click a link, or visit a crafted page.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity
High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability
High — complete crash or resource exhaustion. Full denial of service.

Affected Software

Componentbytello-share
VendorBytello
Minimum versionprior to 5.13.0.4246
Maximum versionprior to 5.13.0.4246
Fixed in5.13.0.4246

Weakness Classification (CWE)

CWE-427

Timeline

  1. Reserved
  2. Published

Mitigation and Workarounds

The primary mitigation for CVE-2026-44612 is to upgrade Bytello Share (Windows Edition) to version 5.13.0.4246 or later. If an immediate upgrade is not possible, consider temporarily restricting write access to the installer directory to prevent attackers from placing malicious DLLs. While not a complete solution, this can reduce the attack surface. Monitor system logs for unusual DLL loading activity. After upgrading, confirm the fix by attempting to install the software in a controlled environment and verifying that the installer does not load any unexpected DLLs from the installation directory.

How to fix

Actualice a la versión 5.13.0.4246 o posterior para evitar la carga insegura de DLLs.  Asegúrese de que no haya DLLs maliciosos en el mismo directorio que el ejecutable del instalador.  Revise los permisos de acceso a archivos para restringir la escritura en el directorio del instalador.

Frequently asked questions

What is CVE-2026-44612 — DLL Hijacking in Bytello Share (Windows)?

CVE-2026-44612 is a DLL hijacking vulnerability in the Bytello Share (Windows Edition) installer. An attacker can execute code by placing a malicious DLL in the installer directory, gaining user privileges.

Am I affected by CVE-2026-44612 in Bytello Share (Windows)?

You are affected if you are using Bytello Share (Windows Edition) prior to version 5.13.0.4246. Check your installed version and upgrade if necessary.

How do I fix CVE-2026-44612 in Bytello Share (Windows)?

Upgrade to version 5.13.0.4246 or later. As a temporary measure, restrict write access to the installer directory.

Is CVE-2026-44612 being actively exploited?

Currently, there are no known public exploits or active campaigns targeting CVE-2026-44612, but it is rated HIGH severity and should be addressed promptly.

Where can I find the official Bytello advisory for CVE-2026-44612?

Please refer to the Bytello website or security announcements for the official advisory regarding CVE-2026-44612.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs
livefree scan

Try it now — no account

Upload any manifest (composer.lock, package-lock.json, WordPress plugin list…) or paste your component list. You get a vulnerability report instantly. Uploading a file is just the start: with an account you get continuous monitoring, Slack/email alerts, multi-project and white-label reports.

Manual scanSlack/email alertsContinuous monitoringWhite-label reports

Drag & drop your dependency file

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...