CVE-2026-5789

UNKNOWN 0.0

Search path without quotes in CivetWeb

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path (C:\Program Files\CivetWeb\CivetWeb.exe --), due to the absence of quotes in the service configuration.

CWE	CWE-428
Vendor	civetweb
Product	civetweb
Published	Apr 21, 2026
Last Updated	Apr 21, 2026

Stay Ahead of the Next One

Get instant alerts for civetweb civetweb

Be the first to know when new unknown vulnerabilities affecting civetweb civetweb are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

CivetWeb / CivetWeb

1.16

References

NVD ↗ CVE.org ↗ EPSS Data ↗

incibe.es: https://www.incibe.es/en/incibe-cert/notices/aviso/search-path-without-quotes-civetweb

Credits

Rafael Pedrero