PT-2026-41430 · Unknown · Syncplify.Me Server!

Julio Aviña

·

Published

2026-05-16

·

Updated

2026-05-16

·

CVE-2020-37230

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Syncplify.me Server! version 5.0.37
Description The SMWebRestServicev5 service contains an unquoted service path, which occurs when a service executable path contains spaces and is not enclosed in quotation marks. This allows local attackers to escalate privileges by inserting a malicious executable into the service path, which then executes with LocalSystem privileges upon service restart or system reboot.
Recommendations For version 5.0.37, ensure the service path for SMWebRestServicev5 is properly quoted in the system registry to prevent the execution of unauthorized binaries.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2020-37230

Affected Products

Syncplify.Me Server!