Description
Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging.

This issue affects upKeeper Instant Privilege Access: through 1.6.1.
Published: 2026-06-24
Score: 7.9 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from improper output neutralization for logs in upKeeper Solutions' upKeeper Instant Privilege Access on Windows. Attackers can inject arbitrary characters into log entries, leading to log tampering, forging, and deception. The flaw maps to CWE‑117. Log injection permits falsification of audit trails, thus undermining the integrity and reliability of system logs, which can compromise forensic investigations and hinder detection of other malicious activity.

Affected Systems

Affected products include upKeeper Solutions' upKeeper Instant Privilege Access on Windows, all releases through version 1.6.1. Enterprises running any of these versions are exposed to the log‑injection risk.

Risk and Exploitability

Based on the description, it is inferred that an attacker could inject arbitrary characters into log entries via any input path that is reflected into the logs. With a CVSS base score of 7.9 the flaw is considered high severity, and while it is not listed in the CISA KEV catalog, EPSS data is unavailable, so the current exploitation probability cannot be precisely quantified. Nevertheless, because the injection occurs in log processing, any user or process that can deliver input to the application might trigger the flaw, potentially allowing forged log records that mislead monitoring and forensic efforts.

Generated by OpenCVE AI on June 24, 2026 at 13:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest version of upKeeper Instant Privilege Access (post‑1.6.1) where the log‑injection fix is applied.
  • Apply any vendor‑released security patches for the product.
  • If an upgrade is not immediately possible, configure logging to strip or escape special characters from input before writing to logs and restrict write access to log files to trusted processes.

Generated by OpenCVE AI on June 24, 2026 at 13:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Title Log Injection Vulnerability Enabling Log Tampering in upKeeper Instant Privilege Access
First Time appeared Upkeeper Solutions
Upkeeper Solutions upkeeper Instant Privlege Access
Vendors & Products Upkeeper Solutions
Upkeeper Solutions upkeeper Instant Privlege Access

Wed, 24 Jun 2026 09:00:00 +0000

Type Values Removed Values Added
Description Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1.
Weaknesses CWE-117
References
Metrics cvssV4_0

{'score': 7.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H'}


Subscriptions

Upkeeper Solutions Upkeeper Instant Privlege Access
cve-icon MITRE

Status: PUBLISHED

Assigner: upKeeper

Published:

Updated: 2026-06-24T12:02:23.752Z

Reserved: 2026-06-03T13:36:31.178Z

Link: CVE-2026-10745

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T13:45:16Z

Weaknesses
  • CWE-117

    Improper Output Neutralization for Logs