CVE-2026-33253

Summary

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

Affected Software

VendorProductVersion RangeStatus
SANYO DENKI CO., LTD.SANUPS SOFTWARE STANDALONEVer.1.0.1 to Ver.1.1.4affected
SANYO DENKI CO., LTD.SANUPS SOFTWAREVer.2.0.0 to Ver.2.0.2affected
SANYO DENKI CO., LTD.SANUPS SOFTWAREVer.1.0.0 to Ver.1.1.4affected

Weaknesses

  • CWE-428: Unquoted search path or element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References