Primary

Context

Kite Unquoted Service Path Vulnerability in KiteService Windows Service

Vulnerability

A vulnerability exists in Kite version 1.2020.1119.0 within the KiteService Windows service, characterized by an unquoted service path. This flaw allows local attackers to execute arbitrary code by exploiting the unquoted path in 'C:\Program Files\Kite\KiteService.exe'. Attackers can inject malicious executables to escalate privileges on the system.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution with elevated privileges on the affected system.

Reproduction

The vulnerability can be reproduced by injecting a malicious executable into the unquoted service path of the KiteService Windows service. This can be done by exploiting the unquoted path to execute arbitrary code with elevated privileges.

Added: Jan 26, 2026, 6:40 PM

Updated: Jan 26, 2026, 6:40 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.2

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.2

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Kite Unquoted Service Path Vulnerability in KiteService Windows Service

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating