EIP-2026-117927

PRE-CVE

SolarWinds Kiwi Syslog Server 9.5.1 - Unquoted Service Path Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117927. PoCs published by Halil Dalabasmaz.

AI-analyzed exploit summary This is a vulnerability writeup describing an unquoted service path privilege escalation in SolarWinds Kiwi Syslog Server. The issue allows local users to execute arbitrary code with elevated privileges by exploiting the service's path configuration.

Description

SolarWinds Kiwi Syslog Server 9.5.1 - Unquoted Service Path Privilege Escalation

Exploits (1)

exploitdb WRITEUP

by Halil Dalabasmaz · textlocalwindows

https://www.exploit-db.com/exploits/40393

View Code ZIP pw:eip

This is a vulnerability writeup describing an unquoted service path privilege escalation in SolarWinds Kiwi Syslog Server. The issue allows local users to execute arbitrary code with elevated privileges by exploiting the service's path configuration.

Classification

Writeup 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: SolarWinds Kiwi Syslog Server 9.5.1

Auth required

Prerequisites: Local access to the system · Ability to write to the system root path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026