QwikSec

Security Database

CVE

CWE

Training

CVE-2026-42881

Published: May 14, 2026

Modified: May 14, 2026

PUBLISHED

Description

STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run the "Export HTML" action. This vulnerability is fixed in 1.2.7.

Vendor	Product	Versions
squinky86	STIGQter	affected `>= 0.1.2, < 1.2.7`

Weaknesses (CWE)

References

https://github.com/squinky86/STIGQter/security/advisories/GHSA-mcv5-5j7p-vqh7

x_refsource_CONFIRM

https://www.bitwizemusic.com/security/advisories/bve-2026-0007

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2026-42881 - Security Vulnerability | QwikSec