EIP-2026-117445

PRE-CVE

McAfee(R) Safe Connect VPN - Unquoted Service Path Elevation Of Privilege

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117445. PoCs published by Saud Alenazi.

AI-analyzed exploit summary The exploit describes an unquoted service path vulnerability in McAfee Safe Connect VPN, where the service path lacks quotes, potentially allowing local privilege escalation if an attacker can place a malicious executable in the system root path. The provided output from 'sc qc SafeConnectService' confirms the vulnerable path.

Description

McAfee(R) Safe Connect VPN - Unquoted Service Path Elevation Of Privilege

Exploits (1)

exploitdb WRITEUP

by Saud Alenazi · textlocalwindows

https://www.exploit-db.com/exploits/50814

View Code ZIP pw:eip

The exploit describes an unquoted service path vulnerability in McAfee Safe Connect VPN, where the service path lacks quotes, potentially allowing local privilege escalation if an attacker can place a malicious executable in the system root path. The provided output from 'sc qc SafeConnectService' confirms the vulnerable path.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: McAfee Safe Connect VPN 2.13

Auth required

Prerequisites: Local access to the system · Ability to write to the system root path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026