CVE-2026-28211
Arbitrary Code Execution via Log Reader in NVDA Toolbox
Publication date: 2026-02-26
Last updated on: 2026-02-26
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvaccess | nvda | From 2.0 (inc) to 8.0 (inc) |
| nvaccess | nvda | 9.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-943 | The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Log Reader feature of the NVDA Dev & Test Toolbox add-on, versions 2.0 through 8.0. When a user reads a maliciously crafted log file using the log reading commands, arbitrary code execution can occur. This happens because the log reading commands process speech log entries unsafely, evaluating embedded Python expressions within the log. An attacker can exploit this by tricking a user into opening and analyzing a crafted log file, causing attacker-controlled code to run with the user's privileges.
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker to execute arbitrary code on your system with the same privileges as the current user. This can lead to unauthorized actions such as data theft, system modification, or further malware installation. The attack requires user interaction, specifically opening and reading a malicious log file with the vulnerable log reading commands.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the NVDA Dev & Test Toolbox add-on versions 2.0 through 8.0, specifically in the Log Reader feature. Detection involves identifying if these vulnerable versions are installed and if the log reading commands are being used.
Since the vulnerability is triggered by opening a maliciously crafted log file with log reading commands, detection can focus on monitoring usage of these commands or scanning for suspicious log files.
No specific commands for detection are provided in the available information.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid using the log reading commands in the NVDA Dev & Test Toolbox add-on versions 2.0 through 8.0, especially commands that move to the next or previous log message.
As a more secure workaround, disable the gestures associated with these log reading commands in the input gesture dialog.
Upgrading to version 9.0 of the NVDA Dev & Test Toolbox add-on, which contains a fix for this issue, is recommended.