CVE-2026-0776 in Discord
Summary
by MITRE • 01/23/2026
Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the discord_rpc module. The product loads a file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-27057.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 01/25/2026
The vulnerability identified as CVE-2026-0776 represents a critical local privilege escalation flaw within the Discord client software that operates under the framework of CWE-427 Uncontrolled Search Path Element. This vulnerability specifically targets the discord_rpc module which demonstrates poor security practices in file loading operations by accessing resources from insecure locations without proper validation or sanitization. The flaw exists at the core of how the application resolves and loads dynamic libraries or executable components, creating an exploitable condition where malicious code can be injected into the legitimate application execution flow.
The technical exploitation of this vulnerability requires an attacker to first establish a foothold with low-privileged user access on the target system, which aligns with the ATT&CK technique T1068 for Local Privilege Escalation. Once initial access is achieved, the attacker can manipulate the search path used by the discord_rpc module to load required components, effectively allowing them to place malicious binaries or libraries in directories that are searched before legitimate system locations. This behavior directly enables the execution of arbitrary code with elevated privileges, as the system will load the attacker-controlled components instead of the intended legitimate files.
The operational impact of this vulnerability extends beyond simple privilege escalation, as it provides attackers with a persistent backdoor mechanism within the Discord client environment. This creates opportunities for long-term system compromise and data exfiltration, particularly in enterprise environments where Discord clients are commonly used for communication. The vulnerability affects all versions of the Discord client that utilize the problematic discord_rpc module, making it a widespread concern across various deployment scenarios including desktop environments, gaming platforms, and business communication systems.
Security mitigation strategies must address both the immediate vulnerability and broader system hardening measures. Organizations should implement proper application whitelisting policies to restrict which executables can run on target systems, while also applying the vendor-provided patches as soon as they become available. The ATT&CK framework suggests implementing process injection prevention measures and monitoring for suspicious file access patterns that could indicate exploitation attempts. Additionally, system administrators should consider implementing least privilege principles for Discord client installations and regularly audit the search paths used by applications to prevent similar vulnerabilities from being exploited in other software components. This vulnerability serves as a reminder of the critical importance of secure coding practices and proper input validation in system components that handle file operations and dynamic loading mechanisms.