Kite Unquoted Service Path Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the Kite application version 4.2.0.1 U1. The issue arises from an unquoted service path in the KiteService Windows service. Because the binary path contains spaces and is not enclosed in quotes, Windows can resolve it to an executable other than the intended service binary. This allows a local attacker to place a malicious executable in the Program Files directory. When the service starts, that executable runs with LocalSystem privileges.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, with the malicious executable being executed under the LocalSystem account, which has extensive rights on the system.

Reproduction

The vulnerability can be reproduced by placing a malicious executable in the Program Files directory. Once the executable is in place, starting the KiteService will trigger the execution of the malicious payload with LocalSystem privileges.
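To check a host for this class of misconfiguration, the following added example (not part of the original advisory or the vendor's code) flags service command lines whose executable path is unquoted and contains a space. The function name `Test-UnquotedServicePath` and the sample service names and paths are constructed for illustration; the advisory does not give the actual KiteService path.

```powershell
# Added example: audit service binary paths for the unquoted-path condition.
function Test-UnquotedServicePath {
    param([string]$PathName)

    $p = $PathName.Trim()
    if ($p -eq '') { return $false }

    # A command line that starts with a quote is parsed unambiguously.
    if ($p.StartsWith('"')) { return $false }

    # Isolate the executable portion: everything up to the first ".exe"
    # that is followed by whitespace or end of string. If no ".exe" is
    # found, treat the whole string as the path (conservative).
    $m = [regex]::Match($p, '(?i)^(.*?\.exe)(\s|$)')
    $exe = if ($m.Success) { $m.Groups[1].Value } else { $p }

    # Spaces inside the unquoted executable path are the finding;
    # spaces that only separate arguments are not.
    return $exe.Contains(' ')
}

# Constructed sample data, shaped like Win32_Service objects.
$samples = @(
    [pscustomobject]@{ Name = 'ExampleUnquoted'
                       PathName = 'C:\Program Files\Example Vendor\Example App\service.exe' }
    [pscustomobject]@{ Name = 'ExampleUnquotedArgs'
                       PathName = 'C:\Program Files\Example Vendor\agent.exe /run' }
    [pscustomobject]@{ Name = 'ExampleQuoted'
                       PathName = '"C:\Program Files\Example Vendor\Example App\service.exe" /run' }
    [pscustomobject]@{ Name = 'ExampleNoSpaces'
                       PathName = 'C:\Windows\system32\svchost.exe -k netsvcs -p' }
)

# Only the two unquoted entries with spaces in the executable path are listed.
$samples |
    Where-Object { Test-UnquotedServicePath $_.PathName } |
    Select-Object Name, PathName

# On a live host, feed real services through the same check, for example:
# Get-CimInstance -ClassName Win32_Service |
#     Where-Object { Test-UnquotedServicePath $_.PathName } |
#     Select-Object Name, StartName, PathName
```

A flagged entry is corrected by enclosing the executable path in double quotes in the service's ImagePath value.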

Added: May 16, 2026, 4:29 PM
Updated: May 16, 2026, 4:29 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.6
remediation: 0.0
relevance: 8.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.