Details of VAR-202604-2830

ID

VAR-202604-2830

CVE

CVE-2026-5789

TITLE

CivetWeb project of CivetWeb Unquoted Search Path or Element Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2026-012458

DESCRIPTION

Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path (C:\Program Files\CivetWeb\CivetWeb.exe --), due to the absence of quotes in the service configuration. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-5789 // JVNDB: JVNDB-2026-012458

AFFECTED PRODUCTS

vendor:	civetweb	model:	civetweb	scope:	eq	version:	1.16	Trust: 1.8
vendor:	civetweb	model:	civetweb	scope:	-	version:	-	Trust: 0.8
vendor:	civetweb	model:	civetweb	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-012458 // NVD: CVE-2026-5789

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2026-5789
value:	HIGH
Trust: 1.0
cve-coordination@incibe.es:	CVE-2026-5789
value:	HIGH
Trust: 1.0
NVD:	CVE-2026-5789
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2026-5789
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2026-5789
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-012458 // NVD: CVE-2026-5789 // NVD: CVE-2026-5789

PROBLEMTYPE DATA

problemtype:	CWE-428	Trust: 1.0
problemtype:	unquoted search path or element (CWE-428) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-012458 // NVD: CVE-2026-5789

PATCH

title:

Search path without quotes in CivetWeb | INCIBE-CERT | INCIBE

url:

https://www.incibe.es/en/incibe-cert/notices/aviso/search-path-without-quotes-civetweb

Trust: 0.8

sources: JVNDB: JVNDB-2026-012458

EXTERNAL IDS

db:	NVD	id:	CVE-2026-5789	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-012458	Trust: 0.8

sources: JVNDB: JVNDB-2026-012458 // NVD: CVE-2026-5789

REFERENCES

url:	https://www.incibe.es/en/incibe-cert/notices/aviso/search-path-without-quotes-civetweb	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-5789	Trust: 0.8

sources: JVNDB: JVNDB-2026-012458 // NVD: CVE-2026-5789

SOURCES

db:	JVNDB	id:	JVNDB-2026-012458
db:	NVD	id:	CVE-2026-5789

LAST UPDATE DATE

2026-06-19T23:15:13.383000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-012458	date:	2026-04-24T02:40:00
db:	NVD	id:	CVE-2026-5789	date:	2026-04-22T17:36:36.280

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-012458	date:	2026-04-24T00:00:00
db:	NVD	id:	CVE-2026-5789	date:	2026-04-21T15:16:37.713