Description

Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce an Windows MSI installer for a project, and that project is installed for All Users (i.e., per-machine scope), the installation process creates an directory that inherits all the permissions of the parent directory. Depending on the location chosen by the installing user, this may allow a low privilege but authenticated user to replace or modify the binaries installed by the application. If an administrator then runs the altered binary, the binary will run with elevated privileges. The problem is caused by the template used to generate the WXS file for Windows projects. It was fixed in the templates used in Briefcase 0.3.26, 0.4.0, and 0.4.1. Re-running `briefcase create` on your Briefcase project will result in the updated templates being used. As a workaround, the patch can be added to any existing Briefcase .wxs file generated by Briefcase 0.3.24 or later.

INFO

Published Date :

2026-03-26T16:54:42.992Z

Last Modified :

2026-03-26T18:24:04.179Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-33430 vulnerability.

Vendors Products
Beeware
  • Briefcase
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-33430.

URL Resource
https://github.com/beeware/briefcase-windows-VisualStudio-template/pull/85 cve-icon cve-icon
https://github.com/beeware/briefcase-windows-app-template/pull/86 cve-icon cve-icon
https://github.com/beeware/briefcase/issues/2759 cve-icon cve-icon
https://github.com/beeware/briefcase/security/advisories/GHSA-r3r2-35v9-v238 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact