Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2026/VULN216 _____________________________________________________________________ DATE : 25/02/2026 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Synology versions prior to 2.1.3-0672. ===================================================================== https://www.synology.com/fr-fr/security/advisory/Synology_SA_26_02 _____________________________________________________________________ Synology-SA-26:02 Synology Presto Client Publish Time: 2026-02-24 10:30:28 UTC+8 Last Updated: 2026-02-24 10:33:08 UTC+8 Severity Moderate Status Resolved Abstract Synology has released a security update for the Presto Client on Windows to address a vulnerability : CVE-2026-3091 allows local users to read or write arbitrary files. Please refer to the 'Affected Products' table for the corresponding updates. Affected Products Product Severity Fixed Release Availability Synology Presto Client Moderate Upgrade to 2.1.3-0672 or above. Mitigation None Detail CVE-2026-3091 Severity: Moderate CVSS3 Base Score: 6.7 CVSS3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CWE-427: Uncontrolled Search Path Element An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in advance in the same directory as the installer. Acknowledgement Sahil Shah Reference CVE-2026-3091 Revision Revision Date Description 1 2026-02-24 Initial public release. 2 2026-02-24 Disclosed vulnerability details. ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================