CVE-2026-33253

Published: Mar 25, 2026 Last Modified: Mar 25, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,4
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: high
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM 6,7
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

428

Unquoted Search Path or Element

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
Operating Systems: Windows NT, macOS
View CWE Details
https://jvn.jp/en/jp/JVN90835713/
https://jvn.jp/en/jp/JVN90835713/
https://products.sanyodenki.com/media/document/sanups/H0033…
https://products.sanyodenki.com/media/document/sanups/H0033413_jp.pdf
https://products.sanyodenki.com/media/document/sanups/H0033…
https://products.sanyodenki.com/media/document/sanups/H0033449_en.pdf