CVE-2021-47859

HIGH

ActivIdentity 8.2 - Local Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47859. PoCs published by SamAlucard.

AI-analyzed exploit summary This is a writeup describing an unquoted service path vulnerability in ActivIdentity 8.2. The vulnerability allows local privilege escalation due to improper handling of spaces in the service path.

Description

ActivIdentity 8.2 contains an unquoted service path vulnerability in the ac.sharedstore service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\Common Files\ActivIdentity\ to inject malicious executables and escalate privileges.

Exploits (1)

exploitdb WRITEUP

by SamAlucard · textlocalwindows

https://www.exploit-db.com/exploits/49703

View Code ZIP pw:eip

This is a writeup describing an unquoted service path vulnerability in ActivIdentity 8.2. The vulnerability allows local privilege escalation due to improper handling of spaces in the service path.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: ActivIdentity 8.2

Auth required

Prerequisites: Local access to the system · Ability to write to the root of C:\

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/49703

Various Sources product

https://www.hidglobal.com/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/actividentity-acsharedstore-unquoted-service-path

Scores

CVSS v3 7.8

EPSS 0.0013

EPSS Percentile 2.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-428

Status published

Products (1)

HID Global/ActivIdentity 8.2

Published Jan 21, 2026

Tracked Since Feb 18, 2026