Skip to main content

Upkeeper Instant Privilege Access

3 CVEs product

Monthly

CVE-2026-10745 HIGH This Week

Log injection in upKeeper Instant Privilege Access through 1.6.1 on Windows allows remote unauthenticated attackers to forge, tamper with, or inject crafted entries into application logs by smuggling unneutralized control characters through logged inputs. The flaw (CWE-117) does not directly compromise the upKeeper agent itself but produces high integrity, confidentiality, and availability impact on subsequent log-consuming systems (SIEM, audit pipelines). No public exploit identified at time of analysis and the CVE is not present in CISA KEV.

Microsoft Code Injection Upkeeper Instant Privilege Access
NVD VulDB
CVSS 4.0
7.9
EPSS
0.3%
CVE-2026-2450 HIGH This Week

Misconfigured .NET impersonation in upKeeper Instant Privilege Access through version 1.5.0 enables authenticated remote attackers to hijack privileged execution threads, leading to high confidentiality and integrity impact on underlying system resources. The vulnerability requires low-level privileges and presents network-based attack vector with high complexity. No public exploit identified at time of analysis, and CISA SSVC framework classifies this as non-automatable with partial technical impact. EPSS data not available for risk quantification.

Information Disclosure Upkeeper Instant Privilege Access
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-2449 CRITICAL Act Now

Argument injection in upKeeper Instant Privilege Access through version 1.5.0 enables remote authenticated attackers to hijack privileged execution threads via manipulated command delimiters. The network-accessible attack vector combined with high confidentiality, integrity, and availability impacts across both vulnerable and subsequent systems creates critical risk for privilege escalation scenarios. EPSS data not available; no confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis, though vendor self-disclosure suggests potential for targeted abuse.

Code Injection Upkeeper Instant Privilege Access
NVD VulDB
CVSS 4.0
9.0
EPSS
0.1%
EPSS 0% CVSS 7.9
HIGH This Week

Log injection in upKeeper Instant Privilege Access through 1.6.1 on Windows allows remote unauthenticated attackers to forge, tamper with, or inject crafted entries into application logs by smuggling unneutralized control characters through logged inputs. The flaw (CWE-117) does not directly compromise the upKeeper agent itself but produces high integrity, confidentiality, and availability impact on subsequent log-consuming systems (SIEM, audit pipelines). No public exploit identified at time of analysis and the CVE is not present in CISA KEV.

Microsoft Code Injection Upkeeper Instant Privilege Access
NVD VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Misconfigured .NET impersonation in upKeeper Instant Privilege Access through version 1.5.0 enables authenticated remote attackers to hijack privileged execution threads, leading to high confidentiality and integrity impact on underlying system resources. The vulnerability requires low-level privileges and presents network-based attack vector with high complexity. No public exploit identified at time of analysis, and CISA SSVC framework classifies this as non-automatable with partial technical impact. EPSS data not available for risk quantification.

Information Disclosure Upkeeper Instant Privilege Access
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL Act Now

Argument injection in upKeeper Instant Privilege Access through version 1.5.0 enables remote authenticated attackers to hijack privileged execution threads via manipulated command delimiters. The network-accessible attack vector combined with high confidentiality, integrity, and availability impacts across both vulnerable and subsequent systems creates critical risk for privilege escalation scenarios. EPSS data not available; no confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis, though vendor self-disclosure suggests potential for targeted abuse.

Code Injection Upkeeper Instant Privilege Access
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy