Description
Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable in the Program Files directory path to be executed with LocalSystem privileges when the service starts automatically.
Published: 2026-06-19
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is an unquoted service path in the SAPSprint service binary (CWE-428). Because the service's executable path runs through the Program Files directory, contains spaces and is not enclosed in quotes, Windows can resolve an earlier, space-delimited portion of that path as the program to run. When the service starts automatically, a malicious executable placed along that path is invoked with LocalSystem privileges, allowing an attacker who can run code on the host to achieve system-level access. The CVSS v4.0 score is 8.5.

Affected Systems

Brother SAPSprint version 7.60, deployed on Windows operating systems, is affected. Any installation that runs the SAPSprint service without quoting the executable path is vulnerable. This applies to all machines where the service is enabled and starts automatically.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog, implying no known widespread exploitation yet. Nonetheless, the local attack vector is straightforward: the attacker must have local user privileges sufficient to write to the Program Files directory used by the service. Upon creating a malicious payload and restarting the service, the exploit elevates privileges to LocalSystem, providing unrestricted access to the system.

Generated by OpenCVE AI on June 19, 2026 at 21:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied update that correctly quotes the service path.
  • If a patch is not immediately available, modify the service configuration to quote the path to the SAPSprint binary so that arbitrary executables in the directory are not executed.
  • Limit write permissions on the Program Files directory used by the service or temporarily disable the SAPSprint service until the patch is applied.
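
A read-only audit for the condition the second action corrects, as an added example that is not OpenCVE's or the vendor's code: it lists services whose executable path contains a space and is not quoted, and prints the quoted form. The `*SAPSprint*` name filter is an assumption, since the page does not give the service's registered name.

```powershell
# Added example: audit for CWE-428 (unquoted service paths). Makes no changes.
# Assumption: the service's Name or DisplayName contains "SAPSprint".
$NameFilter = '*SAPSprint*'   # assumed value; use '*' to audit every service

function Split-ServiceImagePath {
    param([string]$PathName)
    # Return the executable portion of an ImagePath and whether it was quoted.
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 0) {
            return [pscustomobject]@{ Quoted = $true; Exe = $p.Substring(1, $end - 1) }
        }
    }
    # Unquoted: the executable is the shortest prefix ending in ".exe".
    $m = [regex]::Match($p, '^(.*?\.exe)(\s|$)', 'IgnoreCase')
    $exe = if ($m.Success) { $m.Groups[1].Value } else { $p }
    [pscustomobject]@{ Quoted = $false; Exe = $exe }
}

$findings = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and
                   ($_.Name -like $NameFilter -or $_.DisplayName -like $NameFilter) } |
    ForEach-Object {
        $raw    = $_.PathName.Trim()
        $parsed = Split-ServiceImagePath $raw
        # Only an unquoted path that contains whitespace is ambiguous.
        if (-not $parsed.Quoted -and $parsed.Exe -match '\s') {
            $rest = $raw.Substring($parsed.Exe.Length)   # arguments, if any
            [pscustomobject]@{
                Name      = $_.Name
                StartMode = $_.StartMode
                RunsAs    = $_.StartName
                ImagePath = $raw
                Suggested = ('"{0}"{1}' -f $parsed.Exe, $rest)
            }
        }
    }

if ($findings) { $findings | Format-List }
else { Write-Output "No unquoted service paths matched filter '$NameFilter'." }
```

The suggested value belongs in the service's `ImagePath` under `HKLM\SYSTEM\CurrentControlSet\Services\<Name>`; re-run the audit after the change to confirm no finding remains.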


Advisories

No advisories yet.

History

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable in the Program Files directory path to be executed with LocalSystem privileges when the service starts automatically.
Title Brother SAPSprint 7.60 Unquoted Service Path Privilege Escalation
Weaknesses CWE-428
References
Metrics cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
Metrics cvssV4_0: {'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-19T14:16:52.808Z

Reserved: 2026-06-19T13:09:21.117Z

Link: CVE-2021-47985

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-19T21:15:16Z

Weaknesses
  • CWE-428: Unquoted Search Path or Element