CVE-2026-2542
Unquoted Search Path Vulnerability in Total VPN win-service.exe
Publication date: 2026-02-16
Last updated on: 2026-02-16
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| total_vpn | total_vpn | 0.5.29.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
| CWE-426 | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking the service path of the Total VPN Windows service (win-service.exe) for unquoted spaces.'}, {'type': 'list_item', 'content': 'Use the command to query the service path: sc qc "Total VPN"'}, {'type': 'list_item', 'content': 'Look for spaces in the ImagePath value that are not enclosed in quotation marks.'}, {'type': 'list_item', 'content': 'Additionally, check if a file named "Program.exe" exists in the root of the C:\\ drive, as placing a malicious executable there can exploit this vulnerability.'}] [3]
How can this vulnerability impact me? :
This vulnerability can lead to privilege escalation by allowing an attacker to execute arbitrary code with the privileges of the Total VPN service.
Exploitation can compromise the confidentiality, integrity, and availability of the affected system by enabling unauthorized code execution and potential data compromise or alteration of system functionality.
Since the attack requires local access and is complex, the risk is limited to attackers who already have some level of access to the system.
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-2542 is an unquoted service path vulnerability found in Total VPN version 0.5.29.0 on Windows. The issue arises because the service path for the executable file win-service.exe contains spaces but lacks quotation marks. This allows Windows to misinterpret the path during service startup.'}, {'type': 'paragraph', 'content': 'A local attacker can exploit this by placing a malicious executable named "Program.exe" in the root of the C:\\ drive. When the Total VPN service restarts, Windows may execute this malicious executable instead of the legitimate service executable, leading to code execution with the privileges of the Total VPN service.'}, {'type': 'paragraph', 'content': 'The attack is complex and requires local access. Exploitation is considered difficult, and no public exploit currently exists. The vendor was contacted but did not respond.'}] [2, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
What immediate steps should I take to mitigate this vulnerability?
Currently, no official vendor response or patch is available for this vulnerability.
Immediate mitigation steps include:
- Avoid placing any executable files in directories that could be interpreted due to the unquoted service path, especially the root of the C:\ drive.
- Manually edit the service path to include quotation marks around the executable path if possible.
- Consider replacing the affected Total VPN product with an alternative VPN solution that is not vulnerable.
- Restrict local user permissions to prevent unauthorized file creation in critical directories.