Description
NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges.
Published: 2026-04-04
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

NETGATE Registry Cleaner build 16.0.205 suffers from an unquoted service path flaw (CWE-428) in the NGRegClnSrv service. The vulnerability permits a local actor to place a malicious executable in the unquoted binary path and trigger a service restart or system reboot, causing the exploit to run with LocalSystem privileges. This grants the attacker full control over the affected Windows system, enabling arbitrary code execution, configuration changes, or further lateral movement.

Affected Systems

The affected product is Netgate Registry Cleaner version 16.0.205. No other builds are listed as vulnerable, and earlier or later releases have no reported issues in the available data.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.5, indicating high severity. No EPSS score is available, and it is not listed in CISA's KEV catalog. The attack vector is inferred to be local: an attacker must have the ability to write to the service directory and force a restart or reboot. While remote exploitation is not supported by the description, the apparent local requirement means that physical or logged-in user access can lead to a complete system compromise.

Generated by OpenCVE AI on April 4, 2026 at 18:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor-provided patch or upgrade to a newer version that corrects the unquoted service path.
  • If an upgrade is not immediately possible, place quotation marks around the NGRegClnSrv service executable path in the Windows registry or move the executable to a location without spaces.
  • Remove any unexpected or malicious executables from the NGRegClnSrv service directory to prevent accidental execution.
  • Disable automatic service restarts or scheduled reboots that could trigger the flaw, if feasible.
  • Monitor Netgate's website and security advisories for additional patches or updates.

Generated by OpenCVE AI on April 4, 2026 at 18:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Netgate registry Cleaner
CPEs cpe:2.3:a:netgate:registry_cleaner:*:*:*:*:*:*:*:*
Vendors & Products Netgate registry Cleaner

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Netgate
Netgate netgate Registry Cleaner
Vendors & Products Netgate
Netgate netgate Registry Cleaner

Mon, 06 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sat, 04 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges.
Title NETGATE Registry Cleaner build 16.0.205 Unquoted Service Path Privilege Escalation
Weaknesses CWE-428
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Netgate Netgate Registry Cleaner Registry Cleaner
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T16:43:10.464Z

Reserved: 2026-04-04T13:39:28.719Z

Link: CVE-2016-20057

cve-icon Vulnrichment

Updated: 2026-04-06T16:43:04.768Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-04T14:16:18.223

Modified: 2026-04-20T14:25:56.493

Link: CVE-2016-20057

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:57:54Z

Weaknesses