{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5789", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2026-04-08T12:34:46.460Z", "datePublished": "2026-04-21T14:22:05.872Z", "dateUpdated": "2026-04-21T19:27:53.853Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2026-04-21T14:32:09.961Z"}, "title": "Search path without quotes in CivetWeb", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-428", "description": "CWE-428 Unquoted search path or element", "type": "CWE"}]}], "affected": [{"vendor": "CivetWeb", "product": "CivetWeb", "versions": [{"status": "affected", "version": "1.16"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path (C:\\Program Files\\CivetWeb\\CivetWeb.exe --), due to the absence of quotes in the service configuration.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path (C:\\Program Files\\CivetWeb\\CivetWeb.exe --), due to the absence of quotes in the service configuration."}]}], "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/search-path-without-quotes-civetweb", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.5, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "solutions": [{"lang": "en", "value": "No solution has been reported yet.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "No solution has been reported yet."}]}], "credits": [{"lang": "en", "value": "Rafael Pedrero", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T19:27:46.620973Z", "id": "CVE-2026-5789", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T19:27:53.853Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5789", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-21T19:27:46.620973Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T19:27:50.585Z"}}], "cna": {"title": "Search path without quotes in CivetWeb", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Rafael Pedrero"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "CivetWeb", "product": "CivetWeb", "versions": [{"status": "affected", "version": "1.16"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "No solution has been reported yet.", "supportingMedia": [{"type": "text/html", "value": "No solution has been reported yet.", "base64": false}]}], "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/search-path-without-quotes-civetweb", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path (C:\\Program Files\\CivetWeb\\CivetWeb.exe --), due to the absence of quotes in the service configuration.", "supportingMedia": [{"type": "text/html", "value": "Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path (C:\\Program Files\\CivetWeb\\CivetWeb.exe --), due to the absence of quotes in the service configuration.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-428", "description": "CWE-428 Unquoted search path or element"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2026-04-21T14:32:09.961Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5789", "state": "PUBLISHED", "dateUpdated": "2026-04-21T19:27:53.853Z", "dateReserved": "2026-04-08T12:34:46.460Z", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "datePublished": "2026-04-21T14:22:05.872Z", "assignerShortName": "INCIBE"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path (C:\\Program Files\\CivetWeb\\CivetWeb.exe --), due to the absence of quotes in the service configuration."}], "id": "CVE-2026-5789", "lastModified": "2026-04-21T16:20:24.180", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cve-coordination@incibe.es", "type": "Secondary"}]}, "published": "2026-04-21T15:16:37.713", "references": [{"source": "cve-coordination@incibe.es", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/search-path-without-quotes-civetweb"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "cve-coordination@incibe.es", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T22:47:29.627775+00:00", "value": {"mitigation_remediation": ["Verify that CivetWeb 1.16 is installed and that the service configuration does not include the \"CivetWeb.exe\" decision path unquoted.", "Restrict write permissions on any directories that are scanned before the CivetWeb executable, so that only privileged users can place executables there.", "Modify the service installation or configuration to quote the executable path or to move the service to a directory that does not involve concatenation of unquoted segments.", "Continuously monitor system logs for unexpected execution of binaries originating from unexpected directories and investigate promptly."], "summary": {"action": "Assess Impact", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "CivetWeb version 1.16 on Windows platforms where the CivetWeb service is installed. The flaw is linked to the typical installation path C:\\Program Files\\CivetWeb\\CivetWeb.exe and the ability of the service to search preceding directories on the file system.", "description_and_impact": "This vulnerability is a local privilege escalation flaw that arises from an unquoted search path in CivetWeb 1.16. The service configuration concatenates directories before the intended application path, so when a malicious executable is placed in a preceding directory, it can be executed with the same privileges as the CivetWeb service. An attacker who can write files to any of these directories can therefore run arbitrary code with elevated privileges on the system.", "risk_and_exploitability": "The flaw carries a CVSS score of 8.5, indicating a high severity risk. EPSS data is not available, but the lack of a published patch and the critical impact suggest that exploitation is plausible if an attacker can write to the relevant directories. The vulnerability is not listed in CISA\u2019s KEV catalog, yet the local nature of the attack may appeal to attackers targeting compromised systems or exploiting privileged service configurations."}}}}, "created": "2026-04-21T23:00:03.478072+00:00", "updated": "2026-04-21T23:00:03.478085+00:00", "vendors": []}