CVE-2026-40031
Received Received - Intake
DLL Hijacking in MemProcFS Allows Arbitrary Code Execution

Publication date: 2026-04-08

Last updated on: 2026-04-17

Assigner: VulnCheck

Description
MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An attacker who places a malicious DLL or shared library in the working directory or manipulates LD_LIBRARY_PATH can achieve arbitrary code execution when MemProcFS loads.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-08
Last Modified
2026-04-17
Generated
2026-06-16
AI Q&A
2026-04-09
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40031
EUVD
EUVD-2026-20773
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ufrisk memprocfs to 5.17 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in MemProcFS versions before 5.17 and involves unsafe library-loading patterns. Specifically, it allows DLL and shared-library hijacking through six different attack surfaces. The issue arises because MemProcFS uses bare-name LoadLibraryU and dlopen calls without specifying full paths for certain components like vmmpyc, libMSCompression, and plugin DLLs.

An attacker can exploit this by placing a malicious DLL or shared library in the working directory or by manipulating the LD_LIBRARY_PATH environment variable. When MemProcFS loads these libraries, it may load the malicious ones instead of the intended ones, leading to arbitrary code execution.

Impact Analysis

The vulnerability can lead to arbitrary code execution on the affected system. This means an attacker could run malicious code with the privileges of the user running MemProcFS.

  • Potential impacts include unauthorized access to sensitive data.
  • Compromise of system integrity and availability.
  • Execution of malicious actions such as installing malware or creating backdoors.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40031. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart