
CWE-428 (Unquoted Search Path or Element) — Vulnerability Class 295

295 vulnerabilities classified as CWE-428 (Unquoted Search Path or Element). AI Chinese analysis included.

CWE-428 is a weakness in which software builds a search path or command line containing an unquoted element that itself contains whitespace or other separators. Because the operating system must then guess where the executable name ends, a privileged process that calls an API such as WinExec with an unquoted path may run a file planted earlier in that path (for example a file named Program.exe created in a system folder) instead of the intended target, which is why the flaw typically leads to local privilege escalation when an attacker can write to one of the parent directories. Developers prevent it by quoting the full path of the executable in every command-line argument and service configuration; strict input validation and avoiding path construction from untrusted sources further ensure that the operating system resolves the intended file, removing the risk of unintended resource access or code execution.

MITRE CWE Description
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.
Common Consequences (1)
Scope: Confidentiality, Integrity, Availability · Impact: Execute Unauthorized Code or Commands
Mitigations (3)
Phase: Implementation · Properly quote the full search path before executing a program on the system.
Phase: Implementation · Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Phase: Implementation · Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Examples (1)
The following example demonstrates the weakness.
UINT errCode = WinExec( "C:\\Program Files\\Foo\\Bar", SW_SHOW );
Bad · C
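The following Python audit helper is an added example, not code from this catalogue page or from MITRE. It ties together the intro paragraph, the "properly quote the full search path" mitigation and the WinExec example: it models how an unquoted command line with spaces is interpreted (each whitespace-delimited prefix is tried in turn, as in the C:\Program.exe case from the MITRE description), flags service image paths or WinExec arguments that meet the CWE-428 condition, and emits the quoted form that fixes them. Assumptions: a candidate prefix with no extension has ".exe" appended; the executable portion of an unquoted command line ends at the first .exe/.com/.bat/.cmd extension, or is the whole string when there is none. The sample image paths are constructed for the demonstration and do not refer to any real product.

```python
"""Audit helper for CWE-428 (unquoted search path or element).

Added example, not the page's or MITRE's code.  Assumption: a candidate
prefix without an extension gets ".exe" appended, matching the
"C:\\Program.exe" case in the CWE description.  Sample paths are constructed.
"""
import re

# Extensions taken to mark the end of an executable name.
_EXE_EXT = re.compile(r"\.(exe|com|bat|cmd)$", re.IGNORECASE)
# Executable token of an unquoted command line: shortest prefix ending in a
# recognised extension that is followed by whitespace or end of string.
_EXE_TOKEN = re.compile(r"^(.*?\.(?:exe|com|bat|cmd))(?=\s|$)", re.IGNORECASE)


def split_command(cmdline: str):
    """Return (executable, arguments) for a command line as stored in a
    service ImagePath or passed to WinExec.  A quoted executable ends at the
    closing quote; an unquoted one at the first recognised extension, or is
    the whole string when it has none (as in the WinExec example above)."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:
            raise ValueError("unterminated quote in command line")
        return s[1:end], s[end + 1:].strip()
    m = _EXE_TOKEN.match(s)
    if m:
        return m.group(1), s[m.end():].strip()
    return s, ""


def is_unquoted_search_path(cmdline: str) -> bool:
    """CWE-428 condition: the executable is unquoted and contains whitespace."""
    s = cmdline.strip()
    if s.startswith('"'):
        return False
    exe, _ = split_command(s)
    return any(ch.isspace() for ch in exe)


def loader_candidates(exe_path: str):
    """Paths tried, in order, for an unquoted executable path with spaces.
    Every whitespace-delimited prefix is a candidate (".exe" appended when it
    has no extension); the last entry is the intended target, and each earlier
    entry is a hijack point if a low-privileged user can create that file."""
    tokens = exe_path.split()
    out = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if not _EXE_EXT.search(prefix):
            prefix += ".exe"
        out.append(prefix)
    return out


def quoted_form(cmdline: str) -> str:
    """Mitigation: wrap the full executable path in double quotes, keep args."""
    exe, args = split_command(cmdline)
    return f'"{exe}"' + (f" {args}" if args else "")


def audit(image_paths):
    """Map each vulnerable entry name to its hijack points and fixed form."""
    findings = {}
    for name, cmd in image_paths.items():
        if not is_unquoted_search_path(cmd):
            continue
        exe, _ = split_command(cmd)
        cands = loader_candidates(exe)
        findings[name] = {"hijack_points": cands[:-1], "fixed": quoted_form(cmd)}
    return findings


# Constructed sample entries in the shape of service ImagePath values.
SAMPLE_IMAGE_PATHS = {
    "FooSvc": r"C:\Program Files\Foo\Bar",                         # MITRE example
    "UpdSvc": r"C:\Program Files\Example Corp\upd.exe -service",   # vulnerable
    "OkSvc":  r'"C:\Program Files\Example Corp\ok.exe" -service',  # quoted: fine
    "SysSvc": r"C:\Windows\system32\svchost.exe -k netsvcs",       # no spaces
}

if __name__ == "__main__":
    for name, f in audit(SAMPLE_IMAGE_PATHS).items():
        print(name, "hijack points:", f["hijack_points"])
        print(name, "fixed:", f["fixed"])
```

On a real host the dictionary would be filled from the services' ImagePath values; the same logic applies to any command line built for WinExec or a similar process-creation API. Note that a hijack point is only exploitable when the directory it names is writable by an unprivileged user, so the finding should be paired with a check of that directory's ACL.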
CVE ID · Title · Product · CVSS · Severity · Published
CVE-2026-7280 · eMPIA Technology|AVACAST - Unquoted Service Path · AVACAST · 6.7 · Medium · 2026-04-28
CVE-2026-5789 · Search path without quotes in CivetWeb · CivetWeb · 8.4 (AI) · High (AI) · 2026-04-21
CVE-2016-20061 · sheed AntiVirus 2.3 Unquoted Service Path Privilege Escalation · sheed AntiVirus · 7.8 · High · 2026-04-04
CVE-2016-20060 · Hotspot Shield 6.0.3 Unquoted Service Path Privilege Escalation · Hotspot Shield · 7.8 · High · 2026-04-04
CVE-2016-20059 · IObit Malware Fighter 4.3.1 Unquoted Service Path Privilege Escalation · IObit Malware Fighter · 7.8 · High · 2026-04-04
CVE-2016-20057 · NETGATE Registry Cleaner build 16.0.205 Unquoted Service Path Privilege Escalation · NETGATE Registry Cleaner · 7.8 · High · 2026-04-04
CVE-2016-20058 · Netgate AMITI Antivirus build 23.0.305 Unquoted Service Path Privilege Escalation · NETGATE AMITI Antivirus · 7.8 · High · 2026-04-04
CVE-2016-20056 · Spy Emergency build 23.0.205 Unquoted Service Path Privilege Escalation · Spy Emergency · 7.8 · High · 2026-04-04
CVE-2016-20055 · IObit Advanced SystemCare 10.0.2 Unquoted Service Path Privilege Escalation · IObit Advanced SystemCare · 7.8 · High · 2026-04-04
CVE-2026-34768 · Electron: Unquoted executable path in app.setLoginItemSettings on Windows · electron · 3.9 · Low · 2026-04-03
CVE-2025-41359 · Multiple vulnerabilities in Small HTTP server by Smallsrv · Small HTTP · 7.8 · - · 2026-03-26
CVE-2026-33253 · SANYO DENKI SANUPS SOFTWARE code issue vulnerability · SANUPS SOFTWARE STANDALONE · 7.8 · - · 2026-03-25
CVE-2017-20218 · Serviio PRO 1.8 Local Privilege Escalation via Unquoted Path · Serviio PRO · 7.8 · High · 2026-03-15
CVE-2026-25866 · MobaXterm < 26.1 Notepad++ Unquoted Service Path · MobaXterm · 7.8 · High · 2026-03-09
CVE-2026-26033 · Dell UPS Multi-UPS Management Console code issue vulnerability · UPS Multi-UPS Management Console (MUMC) · 7.8 · - · 2026-03-05
CVE-2026-1585 · Canon IJ Scan Utility security vulnerability · IJ Scan Utility · 6.7 · Medium · 2026-02-26
CVE-2026-2542 · Total VPN win-service.exe unquoted search path · Total VPN · 7.0 · High · 2026-02-16
CVE-2019-25345 · RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path · RTK IIS Codec Service · 7.8 · High · 2026-02-12
CVE-2019-25309 · Zilab Remote Console Server 3.2.9 - 'Zilab Remote Console Server' Unquoted Service Path · Zilab Remote Console Server · 7.8 · High · 2026-02-11
CVE-2019-25310 · ActiveFax Server 6.92 Build 0316 - 'ActiveFaxServiceNT' Unquoted Service Path · ActiveFax Server · 7.8 · High · 2026-02-11
CVE-2019-25307 · WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Service Path · WorkgroupMail · 7.8 · High · 2026-02-11
CVE-2019-25308 · Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Service Path · Mikogo · 7.8 · High · 2026-02-11
CVE-2019-25306 · BlackMoon FTP Server 3.1.2.1731 - 'BMFTP-RELEASE' Unquoted Serive Path · BlackMoon FTP Server · 7.8 · High · 2026-02-11
CVE-2026-24466 · Multiple Oki, Ricoh and Murata Machinery products code issue vulnerability · See "References" section · 7.8 (AI) · High (AI) · 2026-02-09
CVE-2019-25293 · Blue Stacks App Player 2.4.44.62.57 - "BstHdLogRotatorSvc" Unquote Service Path · Blue Stacks App Player · 7.8 · High · 2026-02-06
CVE-2019-25305 · JumpStart 0.6.0.0 - 'jswpbapi' Unquoted Service Path · JumpStart · 7.8 · High · 2026-02-06
CVE-2019-25304 · Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path · Intelligent Security System SecurOS Enterprise · 7.8 · High · 2026-02-06
CVE-2019-25302 · Acer Launch Manager 6.1.7600.16385 - 'DsiWMIService' Unquoted Service Path · Launch Manager · 7.8 · High · 2026-02-06
CVE-2019-25292 · Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path · Alps HID Monitor Service · 7.8 · High · 2026-02-06
CVE-2019-25266 · Wondershare Application Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path · Wondershare Application Framework Service · 7.8 · High · 2026-02-06

Vulnerabilities classified as CWE-428 (Unquoted Search Path or Element) represent 295 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.