Published: April 21, 2026 | Last Modified: April 21, 2026
Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path (C:\Program Files\CivetWeb\CivetWeb.exe --), due to the absence of quotes in the service configuration.
This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.