Primary

Context

Cloudflare WARP for Windows Privilege Escalation Vulnerability via Unquoted Service Path

Vulnerability

A privilege escalation vulnerability has been identified in Cloudflare WARP for Windows, in versions prior to 1.2.2695.1. The issue arises from an unquoted service path, which allows a malicious user or process with non-administrative privileges to gain administrative rights by exploiting this flaw. The vulnerability has been addressed in version 1.2.2695.1 by adding quotes around the service's binary path.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling a user or process to gain administrative rights on the system.

Remediation

Users can upgrade to Cloudflare WARP for Windows version 1.2.2695.1 or later to address this vulnerability.

Added: Mar 11, 2026, 6:52 PM

Updated: Mar 11, 2026, 6:52 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

7.5

exploitability

3.3

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

7.5

exploitability

3.3

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cloudflare WARP for Windows Privilege Escalation Vulnerability via Unquoted Service Path

Vulnerability

Impact

Remediation

Affected Products

Cloudflare WARP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating