EIP-2026-117805

PRE-CVE

QNAP NetBak Replicator 4.5.6.0607 - 'QVssService' Unquoted Service Path

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117805. PoCs published by Ivan Marmolejo.

AI-analyzed exploit summary This is a writeup describing an unquoted service path vulnerability in QNAP NetBak Replicator 4.5.6.0607. The vulnerability allows local users to execute arbitrary code with elevated privileges by exploiting the 'QVssService' service path.

Description

QNAP NetBak Replicator 4.5.6.0607 - 'QVssService' Unquoted Service Path

Exploits (1)

exploitdb WRITEUP

by Ivan Marmolejo · textlocalwindows

https://www.exploit-db.com/exploits/47594

View Code ZIP pw:eip

This is a writeup describing an unquoted service path vulnerability in QNAP NetBak Replicator 4.5.6.0607. The vulnerability allows local users to execute arbitrary code with elevated privileges by exploiting the 'QVssService' service path.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: QNAP NetBak Replicator 4.5.6.0607

Auth required

Prerequisites: Local access to the system · Ability to write to the system root path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026