Total VPN win-service.exe unquoted search path_CVE-2026-2542

7.3 / 10

HIGH

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X

Description

A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipulation can lead to unquoted search path. It is possible to launch the attack on the local host. This attack is characterized by high complexity. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-2542

Source VulDB

Published Feb 16, 2026 at 06:32

Affected Product

Vendor n/a

Product Total VPN

Version 0.5.29.0

Affected Versions n/a Total VPN 0.5.29.0

CWE Classification

CWE-428 CWE-426

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\\Program Files\\Total VPN\\win-service.exe. Executing a manipulation can lead to unquoted search path. It is possible to launch the attack on the local host. This attack is characterized by high complexity. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-02-16T06:32:06.931Z",
    "modified": "2026-02-16T06:32:06.931Z",
    "type": "cve",
    "title": "Total VPN win-service.exe unquoted search path",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.346127\nhttps://vuldb.com/?ctiid.346127\nhttps://vuldb.com/?submit.749365\nhttps://github.com/Cyber-Wo0dy/report/blob/main/totalvpn/0.5.29.0/totalvpn_unquoted_service_path.md",
    "id": "CVE-2026-2542",
    "bulletinFamily": "",
    "cwe": [
        "CWE-428",
        "CWE-426"
    ],
    "cvelist": null,
    "sourceData": "n/a Total VPN 0.5.29.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.3,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Total VPN",
    "version": "0.5.29.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}