Description
Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem privileges during service startup or system reboot.
Published: 2026-06-19
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in the MBAMService executable of Malwarebytes version 4.5, wherein the service file path is unquoted. This allows a local attacker to place malicious executables in directories that are part of the service’s path. When the system boots or the service restarts, those files run with LocalSystem privileges, giving the attacker full control over the host. The weakness is classified as CWE‑428 and results in the attacker gaining elevated privileges to execute arbitrary code.

Affected Systems

Users who have installed Malwarebytes 4.5 on Windows and whose MBAMService configuration contains an unquoted executable path are at risk. Only this version and platform combination is documented in the CNA data; other versions are not indicated as affected.

Risk and Exploitability

The CVSS score of 8.5 marks this issue as high severity, and with EPSS not available the exploitation likelihood is unclear. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires local access and the ability to write to the system root path. If an attacker can place a file in the unquoted path, they can execute code with LocalSystem rights, potentially compromising the entire system.

Generated by OpenCVE AI on June 19, 2026 at 21:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Malwarebytes to a patched version that correctly quotes the MBAMService executable path.
  • If an upgrade cannot be performed immediately, locate the Windows service definition for MBAMService and edit the image path to be fully quoted, ensuring no unescaped spaces or subdirectories remain.
  • After applying the change, restart the MBAMService service or reboot the system so the corrected path takes effect.

Generated by OpenCVE AI on June 19, 2026 at 21:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Malwarebytes
Malwarebytes malwarebytes
Vendors & Products Malwarebytes
Malwarebytes malwarebytes

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem privileges during service startup or system reboot.
Title Malwarebytes 4.5 Unquoted Service Path Privilege Escalation
Weaknesses CWE-428
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Malwarebytes Malwarebytes
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-19T14:16:53.479Z

Reserved: 2026-01-11T13:34:26.334Z

Link: CVE-2022-50971

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T21:15:16Z

Weaknesses
  • CWE-428

    Unquoted Search Path or Element