CNNVD-202601-3458 Information

CNNVD ID

CNNVD-202601-3458

Related CVE

CVE-2026-23988

• CNNVD Published: 2026-01-22

Description (Chinese)

Rufus是Pete Batard个人开发者的一个可靠的 USB 格式化工具。 Rufus 4.11及之前版本存在安全漏洞，该漏洞源于在创建、验证和执行Fido PowerShell脚本期间存在竞争条件，可能导致以管理员权限执行任意代码。

Description (English)

Rufus is a reliable USB formatting tool for Pete Batard’s personal developers. Rufus 4.11 and previous versions had a security loophole, which stemmed from competitive conditions during the creation, validation and implementation of the Fido PowerShell script, which could lead to the enforcement of arbitrary codes with administrator authority.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2026-01-22

Last Modified

2026-02-24

References

https://github.com/pbatard/rufus/commit/460cc5768aa45be07941b9e4ebc9bee02d282873 https://github.com/pbatard/rufus/releases/tag/v4.12_BETA https://github.com/pbatard/rufus/security/advisories/GHSA-hcx5-hrhj-xhq9 https://access.redhat.com/security/cve/cve-2026-23988

Patch

https://rufus.ie/zh/#download