CVE-2026-20772 - Vulnerability Details

- Privilege Escalation via Uncontrolled Search Path in Intel Connectivity Performance Suite Installers

Description

Uncontrolled search path for some Intel(R) Connectivity Performance Suite software installers before version 50.25.1121.193 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Published: 2026-05-12

Score: 5.4 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

Uncontrolled search path in Intel Connectivity Performance Suite installers allows an authenticated user to gain elevated privileges with high attack complexity and user interaction. The weakness is a classic environment path manipulation flaw (CWE-427) that can compromise confidentiality, integrity, and availability of the local system.

Affected Systems

Intel Connectivity Performance Suite installers before version 50.25.1121.193 on systems running the software; the issue appears in user‑space applications running with Ring 3 privileges.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity, and there is no EPSS score available. The vulnerability is not listed in CISA KEV. Exploitation requires an authenticated user and a high‑complexity attack, typically through local access and active user interaction, so it is unlikely to be remotely exploitable in the current form.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Intel(R) Connectivity Performance Suite software installers

unaffected

Version	Status	Constraints
`before version 50.25.1121.193`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Connectivity Performance Suite to version 50.25.1121.193 or later, which removes the uncontrolled search path.
Run the installer from a trusted directory and ensure the system PATH does not contain untrusted entries before execution.
Avoid using older installer packages that include the vulnerable path handling.

Generated by OpenCVE AI on May 12, 2026 at 17:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01429.html

History

Tue, 12 May 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 12 May 2026 17:45:00 +0000

Type	Values Removed	Values Added
Title		Privilege Escalation via Uncontrolled Search Path in Intel Connectivity Performance Suite Installers

Tue, 12 May 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		Uncontrolled search path for some Intel(R) Connectivity Performance Suite software installers before version 50.25.1121.193 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Weaknesses		CWE-427
References		https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01429.html
Metrics		cvssV4_0 `{'score': 5.4, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2026-05-12T16:34:42.629Z

Updated: 2026-05-13T03:58:30.263Z

Reserved: 2025-12-03T17:58:55.232Z

Link: CVE-2026-20772

Vulnrichment

Updated: 2026-05-12T17:18:07.702Z

NVD

Status : Received

Published: 2026-05-12T17:16:18.263

Modified: 2026-05-12T17:16:18.263

Link: CVE-2026-20772

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T17:30:21Z

Weaknesses

CWE-427

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object