PT-2026-2393 · Proton Technologies · Protonvpn
Gemreda
·
Publicado
2026-01-13
·
Atualizado
2026-03-02
·
CVE-2022-50917
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ProtonVPN version 1.26.0
Description
ProtonVPN version 1.26.0 has an issue with an unquoted service path in its WireGuard service configuration. This could allow local attackers to potentially run arbitrary code. The issue arises because of the unquoted path, enabling attackers to place malicious executables in specific file system locations. This allows them to gain higher privileges when the service starts.
Recommendations
Update to a newer version that contains a fix for this vulnerability.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Protonvpn