CWE-428— Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.— MITRE CWE catalog
436 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-428page 9 of 9
- CVE-2025-34499MEDIUMCVSS 6.9EG 6.92025-12-11
AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to i…
- CVE-2025-36384HIGHCVSS 8.4EG 8.42026-01-30
IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element.
- CVE-2025-39246MEDIUMCVSS 5.3EG 5.32025-08-29
There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2025-43993HIGHCVSS 7.8EG 7.82025-09-25
Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS Driver, versions prior to 3.2.0.22 contain an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this v…
- CVE-2025-4540HIGHCVSS 7.0EG 7.02025-05-11
A vulnerability was found in MTSoftware C-Lodop 6.6.1.1 on Windows. It has been rated as critical. This issue affects some unknown processing of the component CLodopPrintService. The manipulation leads to unquoted search path. The attack n…
- CVE-2025-5191HIGHCVSS 7.3EG 7.32025-08-25
An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a local attacker with limited privilege…
- CVE-2025-54081MEDIUMCVSS 6.7EG 6.72025-09-23
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed in a directory whose name includes a spa…
- CVE-2025-57227HIGHCVSS 7.8EG 7.82025-10-29
An unquoted service path in Kingosoft Technology Ltd Kingo ROOT v1.5.8.3353 allows attackers to escalate privileges via placing a crafted executable file into a parent folder.
- CVE-2025-57699MEDIUMCVSS 6.7EG 6.72025-08-22
Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with …
- CVE-2025-57714HIGHCVSS 7.8EG 7.82025-10-03
An unquoted search path or element vulnerability has been reported to affect NetBak Replicator. If a local attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fi…
- CVE-2025-58400MEDIUMCVSS 6.7EG 6.72025-09-05
RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SY…
- CVE-2025-59307MEDIUMCVSS 6.7EG 6.72025-09-17
RAID Manager provided by Century Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
- CVE-2025-59888MEDIUMCVSS 6.7EG 6.72025-12-26
Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system. This security issue has been fixed in the latest version of EUC w…
- CVE-2025-60320MEDIUMCVSS 6.7EG 6.72025-10-29
memoQ 10.1.13.ef1b2b52aae and earlier contains an unquoted service path vulnerability in the memoQ Auto Update Service (memoQauhlp101). The affected service is installed with a path containing spaces and without surrounding quotes. This mi…
- CVE-2025-61865MEDIUMCVSS 6.7EG 6.72025-10-23
Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM pr…
- CVE-2025-61871MEDIUMCVSS 6.7EG 6.72025-10-10
NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
- CVE-2025-62225MEDIUMCVSS 6.7EG 6.72025-11-05
Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
- CVE-2025-64151MEDIUMCVSS 6.7EG 6.72025-11-05
Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privile…
- CVE-2025-66264HIGHCVSS 7.2EG 7.22025-11-26
The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write privileges to the filesystem to insert a malicious executable in the path, leading to privilege escalation.
- CVE-2025-66269HIGHCVSS 7.1EG 7.12025-11-26
The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a local attacker to perform path interception and escalate privileges if they have write permissions to the directo…
- CVE-2025-66271MEDIUMCVSS 6.7EG 6.72025-12-09
Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
- CVE-2025-66461MEDIUMCVSS 6.7EG 6.72025-12-08
FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory …
- CVE-2025-66575HIGHCVSS 7.8EG 7.82025-12-04
VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service n…
- CVE-2025-71326HIGHCVSS 7.8EG 7.82026-06-19
AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the s…
- CVE-2025-8070CRITICALCVSS 9.2EG 9.22025-07-23
The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Pro…
- CVE-2025-9043MEDIUMCVSS 6.7EG 6.72025-08-14
The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with wri…
- CVE-2025-9818MEDIUMCVSS 6.7EG 6.72025-09-17
A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows services are not enclosed in quotation …
- CVE-2026-1585MEDIUMCVSS 6.7EG 6.72026-02-27
An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service.
- CVE-2026-24466MEDIUMCVSS 6.7EG 6.72026-02-09
Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system dr…
- CVE-2026-2542HIGHCVSS 7.0EG 7.02026-02-16
A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipulation can lead to unquoted search path. …
- CVE-2026-25865HIGHCVSS 7.8EG 7.82026-06-18
Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe w…
- CVE-2026-25866HIGHCVSS 7.8EG 7.82026-03-09
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the…
- CVE-2026-34768LOWCVSS 3.9EG 3.92026-04-04
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on Windows, app.setLoginItemSettings({openAtLogin: true}) wrote the execut…
- CVE-2026-5789HIGHCVSS 7.8EG 7.82026-04-21
Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the i…
- CVE-2026-7280MEDIUMCVSS 6.7EG 6.72026-04-28
AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitrary code execution with system privileges…
- CVE-2026-8864HIGHCVSS 7.3EG 7.32026-06-30
The HP Fan Control App might allow local escalation of privileges. An updated version of HP Fan Control App has been released to mitigate this potential vulnerability.
Map vulnerabilities like CWE-428 to your infrastructure
EchelonGraph correlates every CVE — across CWE-428 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →