CVE-2026-5789— Search path without quotes in CivetWeb

Search path without quotes in CivetWeb

Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path (C:\Program Files\CivetWeb\CivetWeb.exe --), due to the absence of quotes in the service configuration.

N/A

未经引用的搜索路径或元素

CivetWeb 代码问题漏洞

CivetWeb是Civetweb开源的一个易于使用、功能强大、可嵌入 C/C++ 的 Web 服务器，具有可选的 CGI、SSL 和 Lua 支持。 CivetWeb v1.16版本存在代码问题漏洞，该漏洞源于服务配置中未加引号的搜索路径，可能导致本地攻击者通过放置恶意可执行文件执行任意代码并提升权限。

N/A

N/A