HIGHCVE-2026-2542Published 2026-02-16Modified 2026-02-23CNA VulDB

CVE-2026-2542: Total VPN win-service.exe unquoted search path

A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipulation can lead to unquoted search path. It is possible to launch the attack on the local host. This attack is characterized by high complexity. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v4.0: 7.3
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

n/a / Total VPN
0.5.29.0

CVSS Vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X

References

VDB-346127 | Total VPN win-service.exe unquoted search path
VDB-346127 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #749365 | Total VPN Total VPN for Windows 0.5.29.0 Unquoted Service Path
github.com

Metrics