EIP-2026-117231

PRE-CVE

Genexus Protection Server 9.6.4.2 - 'protsrvservice' Unquoted Service Path

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117231. PoCs published by SamAlucard.

AI-analyzed exploit summary This is a writeup describing an unquoted service path vulnerability in Genexus Protection Server 9.6.4.2. The service path contains spaces and is not enclosed in quotes, potentially allowing local privilege escalation if an attacker can place a malicious executable in the path.

Description

Genexus Protection Server 9.6.4.2 - 'protsrvservice' Unquoted Service Path

Exploits (1)

exploitdb WRITEUP

by SamAlucard · textlocalwindows

https://www.exploit-db.com/exploits/49007

View Code ZIP pw:eip

This is a writeup describing an unquoted service path vulnerability in Genexus Protection Server 9.6.4.2. The service path contains spaces and is not enclosed in quotes, potentially allowing local privilege escalation if an attacker can place a malicious executable in the path.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Theoretical

Target: Genexus Protection Server 9.6.4.2

Auth required

Prerequisites: Local access to the system · Ability to write to a directory in the unquoted service path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026