CVE 8.5 HIGH

Search path without quotes in CivetWeb_CVE-2026-5789

April 21, 2026 invoker category_cve

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path (C:\Program Files\CivetWeb\CivetWeb.exe --), due to the absence of quotes in the service configuration.

AI Analysis

Unquoted search path vulnerability in CivetWeb allowing local attackers to execute arbitrary code with elevated privileges

Basic Information

ID CVE-2026-5789

Source INCIBE

Published Apr 21, 2026 at 14:22

Modified Apr 21, 2026 at 14:32

Affected Product

Vendor CivetWeb

Product CivetWeb

Version 1.16

Affected Versions CivetWeb CivetWeb 1.16

CWE Classification

CWE-428

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor CivetWeb

Product CivetWeb

Version 1.16

References

www.incibe.es /en/incibe-cert/notices/aviso/search-path-without-quotes-civetweb

{
    "lastseen": "",
    "description": "Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path (C:\\Program Files\\CivetWeb\\CivetWeb.exe --), due to the absence of quotes in the service configuration.",
    "published": "2026-04-21T14:22:05.872Z",
    "modified": "2026-04-21T14:32:09.961Z",
    "type": "cve",
    "title": "Search path without quotes in CivetWeb",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/search-path-without-quotes-civetweb",
    "id": "CVE-2026-5789",
    "bulletinFamily": "",
    "cwe": [
        "CWE-428"
    ],
    "cvelist": null,
    "sourceData": "CivetWeb CivetWeb 1.16",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CivetWeb",
    "version": "1.16",
    "vendor": "CivetWeb",
    "ai_description": "Unquoted search path vulnerability in CivetWeb allowing local attackers to execute arbitrary code with elevated privileges",
    "ai_severity": "High",
    "ai_vendor": "CivetWeb",
    "ai_product": "CivetWeb",
    "ai_version": "1.16",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply