upKeeper Solutions upKeeper Instant Privilege Access Argument Injection Vulnerability Allowing Privileged Thread Hijacking
Vulnerability
A command injection vulnerability has been identified in upKeeper Solutions upKeeper Instant Privilege Access, affecting versions through 1.5.0. This vulnerability arises from improper neutralization of argument delimiters, allowing commands to be injected into the application's internal communications. Exploitation of this issue enables hijacking of a privileged thread of execution, with injected commands being executed under the rights and context of the local upKeeper Instant Privilege service.
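The bug class described above (argument delimiters not neutralized in an internal message), shown as an added example that is not upKeeper's code or protocol. The delimiter, field names, action names and sample input are all constructed assumptions. It contrasts a delimiter-joined message with a structured encoding that the privileged receiver re-validates.

```python
import json

DELIM = ";"  # hypothetical argument delimiter of an internal message format
ALLOWED_ACTIONS = {"request_elevation", "end_elevation"}  # constructed allowlist


def encode_unsafe(action, reason):
    # Weak form: fields are joined without neutralizing the delimiter.
    return DELIM.join([action, reason])


def decode_unsafe(message):
    # The privileged side splits on the delimiter and trusts the field count.
    return message.split(DELIM)


def encode_safe(action, reason):
    # Hardened form: structured encoding, so field boundaries never depend
    # on the characters inside a field.
    return json.dumps({"action": action, "reason": reason})


def decode_safe(message):
    # The privileged side re-validates: exact keys, types, allowlisted action.
    data = json.loads(message)
    if not isinstance(data, dict) or set(data) != {"action", "reason"}:
        raise ValueError("unexpected fields")
    if data["action"] not in ALLOWED_ACTIONS:
        raise ValueError("action not allowed")
    if not isinstance(data["reason"], str) or len(data["reason"]) > 256:
        raise ValueError("invalid reason")
    return [data["action"], data["reason"]]


# Constructed input: a free-text field that contains the delimiter.
SAMPLE_REASON = "install printer driver;extra-argument"


def demo():
    # Returns how many arguments each receiver sees for the same two fields.
    unsafe = decode_unsafe(encode_unsafe("request_elevation", SAMPLE_REASON))
    safe = decode_safe(encode_safe("request_elevation", SAMPLE_REASON))
    return len(unsafe), len(safe)


if __name__ == "__main__":
    print(demo())
```

The unsafe receiver sees three arguments where the sender supplied two fields; the structured form keeps the delimiter as data inside the second field.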
Impact
Exploitation of this vulnerability allows for unauthorized command execution within the upKeeper Instant Privilege client service, using the privileges of the local upKeeper Instant Privilege service.
Remediation
Users can update to upKeeper Instant Privilege Access version 1.6.0.4576 or later to address this vulnerability.
