{"id":"CVE-2023-50446","details":"An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM.","modified":"2026-04-10T05:11:48.388034Z","published":"2023-12-10T17:15:07.070Z","references":[{"type":"ADVISORY","url":"https://github.com/mullvad/mullvadvpn-app/releases/tag/2023.6"},{"type":"ADVISORY","url":"https://github.com/mullvad/mullvadvpn-app/releases/tag/2023.6-beta1"},{"type":"FIX","url":"https://github.com/mullvad/mullvadvpn-app/pull/5398"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mullvad/mullvadvpn-app","events":[{"introduced":"0"},{"last_affected":"b215b1bb3fa9da231e1b618133d9f9ba6b7bce7d"},{"fixed":"6b890b4f7b3c672d2515f4b308dfa84e913e004c"},{"fixed":"0a86f659f33a882f60d34a08263b1ba30d3e2d01"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2023.5"}]}}],"versions":["2017.1-alpha4","2017.1-alpha5","2017.1-beta1","2017.1-beta2","2017.1-beta3","2017.1-beta4","2018.1-beta8","2018.1-beta9","2018.2-beta1","2018.2-beta2","2018.2-beta3","2018.3","2018.3-beta1","2018.4-beta1","2018.4-beta2","2018.6-beta1","2019.10-beta1","2019.10-beta2","2019.2-beta1","2019.7","2019.7-beta1","2019.8","2019.8-beta1","2019.9","2019.9-beta1","2020.4-beta1","2020.4-beta2","2020.5-beta1","2020.5-beta2","android/2023.1","android/2023.1-beta1","android/2023.1-beta2","android/2023.2","android/2023.3","android/2023.4","android/2023.5","ios/2020.1","ios/2020.2","ios/2020.3","ios/2020.4","ios/2020.5","ios/2021.1","ios/2021.2","ios/2021.3","ios/2021.4","ios/2022.1","ios/2022.2","ios/2022.3","ios/2022.3-build1","ios/2022.3-build2","ios/2023.1","ios/2023.1-build5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50446.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}