Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Clevo HotKey Clipboard Unquoted Service Path Vulnerability Allowing Privilege Escalation
Vulnerability
A privilege escalation vulnerability has been identified in Clevo HotKey Clipboard version 2.1.0.6. The issue arises from an unquoted service path in the HKClipSvc service, which can be exploited by local, non-privileged users to execute arbitrary code with system privileges. The vulnerability allows attackers to inject and run malicious executables by placing them in specific locations within the file system.
Impact
Exploitation of this vulnerability could lead to unauthorized code execution with elevated system privileges.
Reproduction
The vulnerability can be reproduced by placing a malicious executable in a location that takes advantage of the unquoted service path. Once the executable is in place, the HKClipSvc service can be restarted, triggering the execution of the malicious code with system privileges.
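Detection and remediation
The following PowerShell audit is an added example, not part of the original advisory or the vendor's code: it flags services whose image path is unquoted and contains whitespace, and prints the quoted form. The function names and the sample service names and paths are constructed for illustration, since the advisory does not give the HKClipSvc path.

```powershell
# Added example: audit Windows services for unquoted image paths.

function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$PathName)
    $p = $PathName.Trim()
    # A path that starts with a quote is parsed unambiguously.
    if ($p.StartsWith('"')) { return $false }
    # Take everything up to the first ".exe"; service arguments follow it.
    $m = [regex]::Match($p, '^(.*?\.exe)', 'IgnoreCase')
    if (-not $m.Success) { return $false }
    # Weak pattern: whitespace inside the unquoted executable path.
    return $m.Groups[1].Value -match '\s'
}

function Get-QuotedServicePath {
    param([Parameter(Mandatory)][string]$PathName)
    # Wrap only the executable path in quotes and keep the arguments as-is.
    $m = [regex]::Match($PathName.Trim(), '^(.*?\.exe)(.*)$', 'IgnoreCase')
    '"{0}"{1}' -f $m.Groups[1].Value, $m.Groups[2].Value
}

function Find-UnquotedServicePath {
    param([Parameter(ValueFromPipeline)]$Service)
    process {
        if ($Service.PathName -and (Test-UnquotedServicePath $Service.PathName)) {
            [pscustomobject]@{
                Name      = $Service.Name
                PathName  = $Service.PathName
                Suggested = Get-QuotedServicePath $Service.PathName
            }
        }
    }
}

# Constructed sample data (hypothetical services, not taken from the advisory).
$samples = @(
    [pscustomobject]@{ Name = 'ExampleSvcA'; PathName = 'C:\Program Files\Example Vendor\Example App\svc.exe -run' }
    [pscustomobject]@{ Name = 'ExampleSvcB'; PathName = '"C:\Program Files\Example Vendor\Example App\svc.exe" -run' }
    [pscustomobject]@{ Name = 'ExampleSvcC'; PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)

# Only ExampleSvcA is reported: unquoted and containing spaces.
$samples | Find-UnquotedServicePath | Format-List

# On a live host: Get-CimInstance Win32_Service | Find-UnquotedServicePath
```

The suggested value is what the service's ImagePath registry value under HKLM\SYSTEM\CurrentControlSet\Services\<service name> should contain once quoted.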
