CVE-2026-0776 is a local privilege escalation vulnerability classified under CWE-427 (Uncontrolled Search Path Element) affecting the Discord Client, specifically version 1.0.9196. The vulnerability exists in the discord_rpc module, which improperly loads files from unsecured or untrusted locations in the system's search path. This flaw allows an attacker who already has the ability to execute low-privileged code on the target system to escalate their privileges by placing a malicious file in a location that the Discord Client searches before the legitimate file. When the client loads this malicious file, the attacker gains the ability to execute arbitrary code with the privileges of the Discord user, potentially leading to full user account compromise. The attack requires local access and some user interaction, such as running the Discord Client or triggering the vulnerable module. The CVSS v3.0 score of 7.3 reflects high impact on confidentiality, integrity, and availability, with low attack complexity but requiring privileges and user interaction. No patches or fixes have been released as of the publication date, and no known exploits have been observed in the wild. This vulnerability highlights the risks of insecure DLL or module loading paths in widely used applications and underscores the importance of secure software design and update mechanisms.

The vulnerability allows attackers with limited local access to escalate their privileges within the Discord Client environment, potentially leading to arbitrary code execution with the user's privileges. This can compromise user confidentiality by exposing sensitive communications and credentials stored or accessed via Discord. Integrity is at risk as attackers could manipulate Discord's functionality or data, and availability could be impacted if malicious code disrupts the client or system operations. For organizations, this could lead to lateral movement within networks if Discord is used on corporate endpoints, exposing internal resources. The requirement for local code execution and user interaction limits remote exploitation but does not eliminate risk, especially in environments where endpoint security is weak or users are susceptible to social engineering. The absence of patches increases the window of exposure, and the widespread use of Discord in gaming, education, and enterprise collaboration magnifies potential impact.

Organizations and users should immediately verify their Discord Client version and avoid using version 1.0.9196 until a patch is released. Employ application whitelisting and endpoint protection solutions to detect and block unauthorized file modifications or suspicious DLL loading behaviors related to Discord. Restrict local user permissions to minimize the ability to write to directories in the search path used by Discord. Monitor systems for unusual activity involving discord_rpc module or unexpected file loads. Educate users about the risks of running untrusted code and the importance of applying updates promptly once available. Consider isolating Discord usage in sandboxed environments or virtual machines to contain potential exploitation. Maintain robust logging and alerting on endpoint systems to detect privilege escalation attempts. Coordinate with Discord support channels for updates on patches or official guidance.