PT-2026-3826 · Microsoft+1 · Gvfs.Service+1
Mohammed Alshehri
·
Published
2026-01-21
·
Updated
2026-01-21
·
CVE-2021-47874
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
VFS for Git version 1.0.21014.1
Description
VFS for Git version 1.0.21014.1 contains a security issue in the GVFS.Service Windows service related to an unquoted service path. This allows local attackers to potentially execute code with elevated privileges. The issue arises because the unquoted binary path can be exploited to inject malicious executables. These executables can then be launched with LocalSystem privileges during service startup or system reboot.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gvfs.Service
Vfs For Git