CVE-2023-36658

HIGH

OPSWAT MetaDefender KIOSK <4.6.1.9996 - Local Privilege Escalation

Title source: llm
STIX 2.1

Description

An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally.

References (2)

Scores

CVSS v3 7.8
EPSS 0.0012
EPSS Percentile 30.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (2)
opswat/media_validation_agent 2.0.0 - 2.0.7
opswat/metadefender_kiosk 4.2 - 4.6.2
Published Sep 15, 2023
Tracked Since Feb 18, 2026