EIP-2026-117796

PRE-CVE

Privacyware Privatefirewall 7.0 - Unquoted Service Path Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117796. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit describes an unquoted service path vulnerability in Privacyware Privatefirewall 7.0, where the 'PFNet' service executable path contains spaces and is not enclosed in quotes. This could allow a local user to escalate privileges by placing a malicious executable in a higher-priority path.

Description

Privacyware Privatefirewall 7.0 - Unquoted Service Path Privilege Escalation

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textlocalwindows

https://www.exploit-db.com/exploits/35322

View Code ZIP pw:eip

The exploit describes an unquoted service path vulnerability in Privacyware Privatefirewall 7.0, where the 'PFNet' service executable path contains spaces and is not enclosed in quotes. This could allow a local user to escalate privileges by placing a malicious executable in a higher-priority path.

Classification

Writeup 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Theoretical

Target: Privacyware Privatefirewall 7.0.30.3

Auth required

Prerequisites: Local access to the system · Ability to write to a directory in the system path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026