CVE-2026-30266
Insecure Permissions in DeepCool DeepCreative Allows Code Execution
Publication date: 2026-04-20
Last updated on: 2026-04-27
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| deepcool | deepcreative | before 1.2.12 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-277 | A product defines a set of insecure permissions that are inherited by objects that are created by the program. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-30266 is an insecure permissions vulnerability in DeepCool DeepCreative version 1.2.11 and earlier. It allows a local, unprivileged attacker to execute arbitrary code by crafting a malicious file and replacing a legitimate file that is executed by the NT AUTHORITY\SYSTEM account as part of the DeepCreative service. This happens because of improper file permission settings that let the attacker rewrite files that should be protected.
How can this vulnerability impact me?
This vulnerability can allow a local attacker to gain elevated privileges by executing arbitrary code with SYSTEM-level permissions. This means the attacker could potentially take full control of the affected system, install malware, steal sensitive data, or disrupt system operations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves insecure file permissions in DeepCool DeepCreative versions 1.2.11 and earlier, allowing local attackers to replace files executed by the NT AUTHORITY\SYSTEM account. Detection involves checking the file permissions of DeepCreative service files to identify whether they are writable by unprivileged users.
Suggested commands to detect insecure permissions on Windows systems include:
- Using PowerShell to check permissions on the DeepCreative executable or service files: `Get-Acl -Path "C:\Path\To\DeepCreative\file.exe" | Format-List`
- Using icacls to view file permissions: `icacls "C:\Path\To\DeepCreative\file.exe"`
Look for permissions that allow write access to non-administrative users, which could indicate vulnerability to exploitation.
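The per-file checks above, extended into a recursive audit as an added example (not DeepCool's or the page's own code): it walks a DeepCreative install directory and lists every allow ACE, explicit or inherited, that grants write-type rights to a principal other than SYSTEM, Administrators or TrustedInstaller. The install path is a placeholder and the trusted-SID list is an assumption to adjust for your environment.

```powershell
# Added example (not vendor code). $InstallDir is a placeholder: the page does
# not give the real DeepCreative install path, so supply it for your host.
param([string]$InstallDir = 'C:\Path\To\DeepCreative')

# Rights that let a principal rewrite, replace, or re-permission an object.
$writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

# Principals expected to hold write access (an assumption), matched by SID so
# the check does not depend on localized group names.
$trustedSids = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
$sidType     = [System.Security.Principal.SecurityIdentifier]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Audit the install directory itself plus everything beneath it.
$targets = @(Get-Item -LiteralPath $InstallDir -ErrorAction Stop) +
           @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $targets) {
    try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop } catch { continue }
    # Include inherited ACEs: CWE-277 is about permissions inherited by created objects.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.PropagationFlags -band $inheritOnly) { continue }  # applies to children only
        if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
        if (-not ($ace.FileSystemRights -band $writeMask)) { continue }
        # Show a readable account name where the SID resolves, else the raw SID.
        try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $ace.IdentityReference.Value }
        [pscustomobject]@{
            Path      = $item.FullName
            Principal = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

$findings | Sort-Object Path, Principal | Format-Table -AutoSize -Wrap
if (-not $findings) { Write-Output "No write-capable ACEs for non-administrative principals under $InstallDir" }
```

Rows with Inherited set to True originate from a parent directory, so the ACE has to be corrected there, or inheritance disabled on the child, before a per-file change takes effect.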
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately restrict file permissions on DeepCreative service files to prevent unprivileged users from modifying them.
Steps include:
- Identify all DeepCreative executable and service files that are writable by non-administrative users.
- Use Windows tools such as icacls or PowerShell to remove write permissions for unprivileged users. For example: `icacls "C:\Path\To\DeepCreative\file.exe" /remove:g "Users"`
- Apply the principle of least privilege by ensuring only SYSTEM and administrators have write access.
- Check for and apply any available updates or patches from DeepCool once released.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows a local attacker to execute arbitrary code with high impact on confidentiality, integrity, and availability, which could lead to unauthorized access or manipulation of sensitive data.
Such unauthorized access or data manipulation could potentially result in non-compliance with data protection regulations like GDPR or HIPAA, which require strict controls to protect personal and sensitive information.
However, the provided information does not explicitly state the direct impact on compliance with these standards.