PT-2026-5849 · Syncbreeze+1 · Syncbreeze Enterprise+1

Boku

Published

2026-02-03

Updated

2026-02-20

CVE-2020-37100

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Sync Breeze Enterprise version 12.4.18

Description Sync Breeze Enterprise 12.4.18 contains an unquoted service path that could allow local attackers to execute arbitrary code with elevated system privileges. The issue arises from an unquoted binary path, enabling attackers to place malicious executables in specific file system locations and hijack the service startup process.

Recommendations Ensure the service path is properly quoted to prevent the execution of unauthorized code.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-428

Related Identifiers

CVE-2020-37100

Affected Products

Syncbreeze Enterprise

Syncbreeze

PT-2026-5849 · Syncbreeze+1 · Syncbreeze Enterprise+1

CVE-2020-37100

Weakness Enumeration

Related Identifiers

Affected Products

References · 6