CVE-2020-36953

HIGH

MiniTool ShadowMaker 3.2 - Local Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36953. PoCs published by Thalia Nieto.

AI-analyzed exploit summary This is a technical writeup detailing an unquoted service path vulnerability in MiniTool ShadowMaker 3.2. The vulnerability allows local privilege escalation due to the service path containing spaces and lacking quotes, enabling an attacker to place a malicious executable in the path.

Description

MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject malicious executables and escalate privileges.

Exploits (1)

exploitdb WRITEUP
by Thalia Nieto · textlocalwindows
https://www.exploit-db.com/exploits/49336

This is a technical writeup detailing an unquoted service path vulnerability in MiniTool ShadowMaker 3.2. The vulnerability allows local privilege escalation due to the service path containing spaces and lacking quotes, enabling an attacker to place a malicious executable in the path.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: MiniTool ShadowMaker 3.2
Auth required
Prerequisites: Local access to the system · Ability to write to the directory containing the unquoted path
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/49336
Various Sources product
https://www.minitool.com

Scores

CVSS v3 7.8
EPSS 0.0017
EPSS Percentile 6.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
Minitool/MiniTool ShadowMaker < 3.2
Published Jan 26, 2026
Tracked Since Feb 18, 2026