CVE-2020-36958

HIGH

Kite 1.2020.1119.0 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36958. PoCs published by Ismael Nava.

AI-analyzed exploit summary This is a technical writeup detailing an unquoted service path vulnerability in Kite 1.2020.1119.0. The author demonstrates how the service path lacks quotes, which could allow local privilege escalation if an attacker places a malicious executable in a higher-level directory.

Description

Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Kite\KiteService.exe' to inject malicious executables and escalate privileges on the system.

Exploits (1)

exploitdb WRITEUP
by Ismael Nava · textlocalwindows
https://www.exploit-db.com/exploits/49205

This is a technical writeup detailing an unquoted service path vulnerability in Kite 1.2020.1119.0. The author demonstrates how the service path lacks quotes, which could allow local privilege escalation if an attacker places a malicious executable in a higher-level directory.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Kite 1.2020.1119.0
Auth required
Prerequisites: Local access to the system · Ability to write to a directory higher in the path hierarchy
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Various Sources product
https://www.kite.com/
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/49205

Scores

CVSS v3 7.8
EPSS 0.0013
EPSS Percentile 2.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
Kite/Kite < 1.2020.1119.0
Published Jan 26, 2026
Tracked Since Feb 18, 2026