CVE-2026-10745
Received - Intake
Log Injection in upKeeper Instant Privilege Access

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: upKeeper

Description
Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1.
Meta Information
Published: 2026-06-24
Last Modified: 2026-06-24
Generated: 2026-06-24
AI Q&A: 2026-06-24
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
upkeeper instant_privilege_access to 1.6.1 (inc)
upkeeper_solutions upkeeper_instant_privilege_access to 1.6.1 (inc)
CWE ID Description
CWE-117 The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.
Executive Summary

CVE-2026-10745 is an improper output neutralization for logs vulnerability in upKeeper Instant Privilege Access on Windows. It allows users to insert restricted characters or commands into request text that gets saved into application logs without proper neutralization.

This means that malicious input can be logged in a way that could be interpreted or executed by other systems that process these logs, leading to log injection, tampering, or forging.

Impact Analysis

The vulnerability can lead to compromise of systems that analyze or execute the log content exported from upKeeper Instant Privilege Access.

Attackers could exploit this to inject malicious commands or tamper with logs, potentially leading to unauthorized actions, data manipulation, or further system compromise.

Detection Guidance

This vulnerability involves improper output neutralization for logs, where restricted characters or commands can be included in request text and saved to application logs.

To detect this vulnerability on your system, you should review the logs of upKeeper Instant Privilege Access (versions through 1.6.1) for suspicious entries containing unusual or restricted characters that could indicate log injection attempts.

Because the vulnerability concerns log content, you can search the log files with a tool such as grep for unexpected characters or command sequences.

  • Example command: grep -P '[\x00-\x1F\x7F]' /path/to/upkeeper/logfile.log
  • Example command: grep -E '(;|&&|\|\|)' /path/to/upkeeper/logfile.log

These commands search for control characters or command separators that might indicate log injection attempts.
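
The two searches above, extended into a byte-level scan, as an added example that is not part of the original advisory or of upKeeper's tooling: it skips the CR LF that ends every line of a Windows text log (which falls inside the first grep's range and would otherwise match on each line) and flags a lone CR or LF left inside a record. The CR LF line ending, a single-byte or UTF-8 log encoding, and the names `scan_log` and `visible` are assumptions.

```python
import re

# Control bytes from the first grep's range, minus TAB, LF and CR, which an
# ordinary Windows text log can contain on every line.
CONTROL = re.compile(rb"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")
# Command separators from the second grep.
SEPARATORS = re.compile(rb";|&&|\|\|")


def visible(record: bytes) -> str:
    """Escape a record so control bytes cannot reach the analyst's terminal."""
    return record.decode("latin-1").encode("unicode_escape").decode("ascii")


def scan_log(data: bytes, crlf: bool = True):
    """Return (record_number, reasons, escaped_text) for each suspicious record.

    Assumption: with crlf=True every genuine entry ends in CR LF, so a lone CR
    or LF left inside a record is a line break that came from logged input.
    """
    findings = []
    for number, record in enumerate(data.split(b"\r\n" if crlf else b"\n"), 1):
        reasons = []
        if CONTROL.search(record):
            reasons.append("control-char")
        if b"\r" in record or b"\n" in record:
            reasons.append("stray-line-break")
        if SEPARATORS.search(record):
            reasons.append("command-separator")
        if reasons:
            findings.append((number, reasons, visible(record)))
    return findings


# Constructed sample; the entry layout is invented and is not upKeeper's format.
SAMPLE = (
    b'2026-06-24 10:00:01 INFO request user=alice reason="printer driver"\r\n'
    b'2026-06-24 10:00:07 INFO request user=bob reason="update\n'
    b'2026-06-24 10:00:08 INFO approved user=bob"\r\n'
    b'2026-06-24 10:00:09 INFO request user=carol reason="x\x1b[2K"\r\n'
    b'2026-06-24 10:00:12 INFO request user=dave reason="a && b"\r\n'
)

if __name__ == "__main__":
    for number, reasons, text in scan_log(SAMPLE):
        print(f"record {number}: {','.join(reasons)}: {text}")
```

Record numbers count CR LF-terminated entries, so they can differ from the line numbers an editor shows when a record contains a stray line break.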

Mitigation Strategies

The immediate mitigation step is to upgrade upKeeper Instant Privilege Access to version 1.7.0.5739 or later, where this vulnerability has been addressed.

Until the upgrade can be applied, monitor logs closely for suspicious entries and restrict access to log files to prevent exploitation through log injection.

Compliance Impact

The provided information does not specify how the CVE-2026-10745 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
