NAVER MYBOX Windows Vulnerability Grants SYSTEM-Level Access Through Registry Manipulation

A high-severity privilege escalation vulnerability in NAVER's MYBOX Explorer for Windows could allow local attackers to seize full system control, escalating privileges to the highest possible level on affected machines. Tracked as CVE-2026-8148 with a CVSS score of 7.8, the flaw enables unauthorized users to achieve NT AUTHORITY\SYSTEM status—the Windows equivalent of root access—through targeted registry manipulation.

The vulnerability affects all versions of MYBOX Explorer for Windows prior to 3.0.11.160. According to the disclosure, the root cause lies in improper privilege validation checks within the application, creating an opening for attackers with existing local access to modify registry entries and elevate their permissions. Once exploited, an attacker gains complete control over the compromised system, including the ability to install programs, access all files, modify system data, and create new accounts with full administrative rights.

NAVER, one of South Korea's largest technology platforms, distributes MYBOX as a cloud storage and file management solution widely used across Asian markets. Organizations and individuals running unpatched versions face elevated risk, particularly in multi-user environments where local access is more readily available. Users should update to version 3.0.11.160 or later immediately to mitigate exposure. The disclosure underscores the persistent danger of privilege escalation vectors in desktop applications, where insufficient access control checks can transform limited footholds into complete system compromise.