Primary

Context

Outline Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in Outline version 1.6.0 due to an unquoted service path in the OutlineService executable. This flaw allows local attackers to execute arbitrary code with elevated privileges, as the injected code would run with LocalSystem rights.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of code with high-level system privileges, potentially allowing for significant changes to the system or access to sensitive information.

Reproduction

The vulnerability can be reproduced by using the Windows Management Instrumentation Command-line (WMIC) to identify services with unquoted paths. The 'OutlineService' can be queried to reveal its binary path, which is unquoted and could be exploited to execute arbitrary code with elevated privileges.

Added: Jan 13, 2026, 11:45 PM

Updated: Jan 13, 2026, 11:45 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

7.5

exploitability

5.4

remediation

0.0

relevance

2.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

7.5

exploitability

5.4

remediation

0.0

relevance

2.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Outline Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Reproduction

Affected Products

Outline

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating