CVE-2022-50923

HIGH

Cobian Backup 0.9 - Privilege Escalation

Title source: llm

Description

Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions during service startup.

Exploits (1)

exploitdb WRITEUP

by Hejap Zairy Al-Sharif · textlocalwindows

https://www.exploit-db.com/exploits/50810

View Code ZIP pw:eip

References (4)

[Various Sources] https://www.cobiansoft.com//

[Various Sources] https://www.cobiansoft.com/download.php/

[Third Party Advisory] https://www.vulncheck.com/advisories/cobian-backup-unquoted-service-path

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/50810

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 7.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-428

Status published

Products (1)

cobiansoft/cobian_backup 0.9.93

Published Jan 13, 2026

Tracked Since Feb 18, 2026