CVE-2021-47974

HIGH 7.8

VX Search 13.5.28 Unquoted Service Path Privilege Escalation

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories like C:\Program Files\VX Search to execute arbitrary code with LocalSystem privileges when services restart.

CWE	CWE-428
Vendor	vxsearch
Product	vx search
Published	May 16, 2026

Stay Ahead of the Next One

Get instant alerts for vxsearch vx search

Be the first to know when new high vulnerabilities affecting vxsearch vx search are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Vxsearch / VX Search

13.5.28

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/50026 vxsearch.com: https://www.vxsearch.com vulncheck.com: https://www.vulncheck.com/advisories/vx-search-unquoted-service-path-privilege-escalation

Credits

Brian Rodriguez