Description
Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted path directories that the wfcs.exe service will execute with LocalSystem privileges upon service restart or system reboot.
Published: 2026-06-19
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Windows Firewall Control 4.8.6.0 contains an unquoted service path flaw that permits a local attacker to install a malicious executable in the directory referenced by the wfcs.exe service. Upon restarting the service or rebooting, the executable runs with LocalSystem privileges, effectively giving the attacker full control of the affected machine. The weakness is a classic unquoted service path problem (CWE‑428) that elevates local privileges to system level.

Affected Systems

The vulnerability affects Binisoft's Windows Firewall Control product, version 4.8.6.0. No additional affected versions are listed.

Risk and Exploitability

The CVSS score of 8.5 indicates a high risk level for this local privilege escalation vulnerability, but the EPSS score is not available, so the current exploit probability cannot be quantified. It is not catalogued in CISA’s KEV list, suggesting no known widespread exploitation at this time. Attackers would need local access to the target machine to place a malicious executable in the unquoted service path and then trigger a service restart or system boot to achieve escalation.

Generated by OpenCVE AI on June 19, 2026 at 20:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Binisoft update that resolves the unquoted service path issue for the wfcs.exe service.
  • Stop the wfcs.exe service and modify its configuration to quote the service path or relocate the service binary to a directory without spaces to eliminate potential execution of malicious files.
  • Restrict the service’s execution directories by setting strict ACLs and removing any non‑trusted directories from the service path.

Generated by OpenCVE AI on June 19, 2026 at 20:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted path directories that the wfcs.exe service will execute with LocalSystem privileges upon service restart or system reboot.
Title Windows Firewall Control 4.8.6.0 Unquoted Service Path Privilege Escalation
Weaknesses CWE-428
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-19T14:16:45.179Z

Reserved: 2026-06-19T13:22:11.242Z

Link: CVE-2016-20091

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T20:00:11Z

Weaknesses
  • CWE-428

    Unquoted Search Path or Element