CVE-2026-33430
Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions
Description
### Impact

If a developer uses Briefcase to produce a Windows MSI installer for a project, and that project is installed for All Users (i.e., per-machine scope), the installation process creates a directory that inherits all the permissions of the parent directory. Depending on the location chosen by the installing user, this may allow a low-privilege but authenticated user to replace or modify the binaries installed by the application. If an administrator then runs the altered binary, the binary will run with elevated privileges.

### Patches

The problem is caused by the template used to generate the WXS file for Windows projects. It was fixed with the following PRs:

* beeware/briefcase-windows-app-template#86
* beeware/briefcase-windows-VisualStudio-template#85

These patches have been backported to the templates used in Briefcase 0.3.26, 0.4.0, and 0.4.1. Re-running `briefcase create` on your Briefcase project will result in the updated templates being used.

### Workarounds

The change from beeware/briefcase-windows-app-template#86 can be added to any existing Briefcase .wxs file generated by Briefcase 0.3.24 or later.

### Resources

beeware/briefcase#2759 is a formal bug report of the problem.
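To check an existing per-machine install for the condition described under Impact, the following PowerShell function lists access rules on the install directory that let principals other than SYSTEM, Administrators or TrustedInstaller modify its contents. It is an added example, not code from Briefcase or its templates; the function name `Get-WritableAce`, the trusted-SID list and the sample path are assumptions of this example.

```powershell
# Added example (not Briefcase code): report ACEs on an install directory that
# allow untrusted principals to replace or modify the installed binaries.
function Get-WritableAce {
    param([Parameter(Mandatory)][string]$Path)

    # SIDs treated as trusted for a per-machine install (assumption of this example).
    $trusted = @(
        'S-1-5-18',       # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',   # BUILTIN\Administrators
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )

    # File-system rights that permit changing or replacing files, plus the
    # GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits that show up
    # on inherit-only ACEs copied down from the parent directory.
    $rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $mask = [int]$rights -bor 0x40000000 -bor 0x10000000

    $acl = Get-Acl -LiteralPath $Path
    # Ask for rules keyed by SID so the check does not depend on localized names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.FileSystemRights -band $mask) -eq 0) { continue }

        # Resolve a display name where possible; keep the SID if it cannot be resolved.
        $name = $rule.IdentityReference.Value
        try {
            $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
        } catch { }

        [pscustomobject]@{
            Principal = $name
            Sid       = $rule.IdentityReference.Value
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited   # True when the ACE came from the parent directory
        }
    }
}

# Hypothetical install location; substitute the directory chosen at install time.
Get-WritableAce -Path 'C:\ExampleApp' | Format-Table -AutoSize
```

Rows with `Inherited` set to `True` and a principal such as Authenticated Users or Users indicate that the directory took write access from its parent. No output means no such rule was found on the directory itself.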
How to fix CVE-2026-33430
To remediate CVE-2026-33430, upgrade the affected package to a fixed version below.
- —upgrade to 0.3.26 or later
- —upgrade to 0.3.26 or later
Is CVE-2026-33430 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 0.3.0, < 0.3.26