How to fix CVE-2026-5789?

Within 24 hours: Inventory all Windows systems running CivetWeb v1.16 and restrict local access to the service through access controls and account permissions. Within 7 days: Apply the vendor-released patch from INCIBE advisory to upgrade CivetWeb beyond v1.16. Within 30 days: Verify patch deployment across all production and non-production systems, validate service functionality post-patching, and review Windows service configurations for any remaining unquoted paths.

Is CivetWeb affected by CVE-2026-5789?

CivetWeb v1.16 contains a local privilege escalation vulnerability affecting Windows deployments where authenticated users can execute arbitrary code with SYSTEM privileges by exploiting unquoted service paths.

CivetWeb CVE-2026-5789

EUVD-2026-24138 HIGH

Unquoted Search Path or Element (CWE-428)

2026-04-21 INCIBE

GHSA-9vxj-j2f7-9mgg

RCE Civetweb

8.5

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 21, 2026 - 16:30 vuln.today

CVSS changed

Apr 21, 2026 - 15:22 NVD

8.5 (HIGH)

DescriptionNVD

Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path (C:\Program Files\CivetWeb\CivetWeb.exe --), due to the absence of quotes in the service configuration.

AnalysisAI

Local privilege escalation in CivetWeb v1.16 service allows authenticated users to execute arbitrary code with SYSTEM privileges via unquoted service path exploitation. The Windows service configuration lacks quotes around 'C:\Program Files\CivetWeb\CivetWeb.exe', enabling attackers to place malicious executables in directories scanned before the intended path (e.g., 'C:\Program.exe' or 'C:\Program Files\CivetWeb.exe'). …

RemediationAI

Within 24 hours: Inventory all Windows systems running CivetWeb v1.16 and restrict local access to the service through access controls and account permissions. Within 7 days: Apply the vendor-released patch from INCIBE advisory to upgrade CivetWeb beyond v1.16. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-5789 vulnerability details – vuln.today

Back

CivetWeb CVE-2026-5789

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

CivetWeb CVE-2026-5789

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code