CVE-2026-3091 is a vulnerability classified as an uncontrolled search path element issue affecting Synology Presto Client versions prior to 2.1.3-0672. The flaw arises because the installer process does not securely handle the search path for DLLs during installation. Specifically, a local attacker with limited privileges can place a malicious DLL in the same directory as the installer executable before installation begins. When the installer runs, it loads this malicious DLL instead of the legitimate one, enabling the attacker to perform arbitrary file read or write operations on the system. This can lead to unauthorized access or modification of sensitive files, potentially compromising system confidentiality, integrity, and availability. Exploitation requires local access, some level of privilege (low), and user interaction to initiate the installer. The vulnerability has a CVSS v3.1 base score of 6.7, reflecting medium severity due to the combination of required conditions and the impact scope. No public exploits or widespread attacks have been reported to date. The vulnerability is particularly relevant for environments where Synology Presto Client is used for file transfer or synchronization, especially in enterprise or critical infrastructure settings. The lack of a patch link in the provided data suggests users should monitor Synology advisories closely and apply updates promptly once available.

The vulnerability allows an attacker with local access to execute arbitrary code during the installation process by loading a malicious DLL. This can lead to unauthorized disclosure or modification of sensitive files, potentially compromising system confidentiality and integrity. Additionally, it can disrupt availability if critical files are overwritten or corrupted. Organizations relying on Synology Presto Client for secure file transfers or synchronization may face data breaches, operational disruptions, or lateral movement within their networks. The requirement for local access and user interaction limits remote exploitation but does not eliminate risk in environments with multiple users or shared systems. The medium severity rating indicates a significant but not critical threat, emphasizing the need for timely mitigation to prevent escalation or combined attacks.

1. Upgrade Synology Presto Client to version 2.1.3-0672 or later as soon as the patch is available from Synology. 2. Restrict local user permissions to prevent unauthorized users from writing files to directories where installers are executed. 3. Implement application whitelisting to ensure only trusted installers and DLLs are executed. 4. Educate users to avoid running installers from untrusted locations or sources. 5. Use endpoint protection solutions capable of detecting and blocking DLL hijacking or unauthorized file modifications. 6. Monitor installation directories for unexpected files or changes prior to running installers. 7. Employ least privilege principles to minimize the number of users with installation rights. 8. Regularly audit systems for signs of tampering or suspicious DLL files in installation paths.