CVE-2020-36953

HIGH

MiniTool ShadowMaker 3.2 - Local Privilege Escalation

Title source: llm

Description

MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject malicious executables and escalate privileges.

Exploits (1)

exploitdb WRITEUP
by Thalia Nieto · textlocalwindows
https://www.exploit-db.com/exploits/49336

References (3)

Scores

CVSS v3 7.8
EPSS 0.0001
EPSS Percentile 0.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
Minitool/MiniTool ShadowMaker < 3.2
Published Jan 26, 2026
Tracked Since Feb 18, 2026