EIP-2026-117924

PRE-CVE

SolarWinds Kiwi CatTools 3.11.0 - Unquoted Service Path Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117924. PoCs published by Halil Dalabasmaz.

AI-analyzed exploit summary This advisory details an unquoted service path privilege escalation vulnerability in SolarWinds Kiwi CatTools 3.11.0, where the service executable path lacks quotes, allowing local users to escalate privileges by inserting malicious executables in the system root path.

Description

SolarWinds Kiwi CatTools 3.11.0 - Unquoted Service Path Privilege Escalation

Exploits (1)

exploitdb WRITEUP

by Halil Dalabasmaz · textlocalwindows

https://www.exploit-db.com/exploits/40400

View Code ZIP pw:eip

This advisory details an unquoted service path privilege escalation vulnerability in SolarWinds Kiwi CatTools 3.11.0, where the service executable path lacks quotes, allowing local users to escalate privileges by inserting malicious executables in the system root path.

Classification

Writeup 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: SolarWinds Kiwi CatTools 3.11.0

Auth required

Prerequisites: Local access to the system · Ability to write to the system root path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026