Vulnerability Information Title: Cobian Backup 0.9 - Unquoted Service Path Severity: High Date: January 13, 2026 Affected Software: Cobian Backup 0.9.93 CVSS Score: 8.8 CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/SC:H/CI:H/II:H/AVI:N/VI:N/SC:N/SI:N/SA:N CVE ID: CVE-2022-50923 CWE ID: CWE-428 Unquoted Search Path or Element References: - ExploitDB-50810 - Vendor Homepage - Software Download Page Credit: Hejap Zairy Description: Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions during service startup.