PT-2026-2393 · Proton Technologies · Protonvpn
Gemreda
·
Published
2026-01-13
·
Updated
2026-03-02
·
CVE-2022-50917
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ProtonVPN version 1.26.0
Description
ProtonVPN version 1.26.0 has an issue with an unquoted service path in its WireGuard service configuration. This could allow local attackers to potentially run arbitrary code. The issue arises because of the unquoted path, enabling attackers to place malicious executables in specific file system locations. This allows them to gain higher privileges when the service starts.
Recommendations
Update to a newer version that contains a fix for this vulnerability.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Protonvpn