CVE-2026-5789

Name of the Vulnerable Software and Affected Versions CivetWeb version 1.16

Description An unquoted search path issue exists due to the absence of quotes in the service configuration. This allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path 'C:Program FilesCivetWebCivetWeb.exe --'.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.