CVE-2026-2542

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Total VPN version 0.5.29.0

Description A security issue exists in Total VPN 0.5.29.0 on Windows related to an unquoted search path within the file C:Program FilesTotal VPNwin-service.exe. This can lead to potential local privilege escalation. The exploitation of this issue is considered difficult and requires high complexity. The vendor was contacted regarding this issue but did not provide a response.

Recommendations Review directory permissions for the affected file. Monitor the system closely for any suspicious activity.

Fix

LPE

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-428CWE-426

Related Identifiers

CVE-2026-2542

Affected Products

Total Vpn

Windows

CVE-2026-2542

Weakness Enumeration

Related Identifiers

Affected Products

References · 12