CVE Alert

CVE-2026-25865

HIGH 7.8

Punto Switcher 4.5.0.583 Unquoted Search Path via WinExec

CVSS Score: 7.8
EPSS Score: 0.0%
EPSS Percentile: 0th

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll Control_RunDLL input.dll. Attackers can place a malicious executable earlier in the search order to achieve arbitrary code execution in the context of the affected user.

CWE: CWE-428
Vendor: yandex
Product: punto switcher
Published: Jun 18, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Affected Versions

Yandex / Punto Switcher
0 ≤ 4.5.0.583

References

spektion.com: https://spektion.com/articles/cve-2026-25865-punto-switcher
yandex.ru: https://yandex.ru/soft/punto
vulncheck.com: https://www.vulncheck.com/advisories/punto-switcher-unquoted-search-path-via-winexec

Credits

Spektion Research Team
VulnCheck