Description
Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.
Published: 2026-06-19
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation flaw in the DragonUpdater service caused by an unquoted service path that runs with SYSTEM privileges. A local attacker can place a malicious executable in the service path and trigger its execution by restarting the service or rebooting the system, allowing arbitrary code to run with elevated privileges. This weakness, classified as CWE‑428, enables a local actor to gain full control of the affected machine.

Affected Systems

Comodo Dragon Browser on Windows, versions up to 52.15.25.663. The DragonUpdater service runs as SYSTEM and the flaw is exploitable by users who have local write permission in the service’s directory. Based on the description, it is inferred that remote exploitation is not possible.

Risk and Exploitability

The CVSS score of 8.5 marks the vulnerability as high severity. The EPSS score is not available. Because the flaw requires local write access and the ability to restart the service or reboot the system, the attack vector is local only. Based on the description, it is inferred that remote exploitation is not possible. The vulnerability is not listed in the CISA KEV catalog, indicating no widespread exploitation has been reported. However, the attack is straightforward for a local user or insider, making it a high‑impact risk for any machine with the affected browser installed.

Generated by OpenCVE AI on June 19, 2026 at 20:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Comodo Dragon Browser update that corrects the unquoted service path or configures the DragonUpdater service to run with least privilege.
  • If no patch is available, disable or uninstall Dragon Browser, or disable the DragonUpdater service to eliminate the attack surface. Do not allow the service to start automatically during boot.
  • Restrict file permissions on the directory containing the DragonUpdater executable so that only the SYSTEM account can modify it, preventing a user from inserting a malicious binary.

Generated by OpenCVE AI on June 19, 2026 at 20:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Comodo
Comodo dragon Browser
Vendors & Products Comodo
Comodo dragon Browser

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.
Title Comodo Dragon Browser 52.15.25.663 Privilege Escalation via Unquoted Service Path
Weaknesses CWE-428
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Comodo Dragon Browser
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-22T19:33:37.550Z

Reserved: 2026-06-19T13:20:43.098Z

Link: CVE-2016-20090

cve-icon Vulnrichment

Updated: 2026-06-22T19:33:34.085Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T22:36:05Z

Weaknesses
  • CWE-428

    Unquoted Search Path or Element