EIP-2026-118137

PRE-CVE

Wise Care 365 4.27 / Wise Disk Cleaner 9.29 - Unquoted Service Path Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118137. PoCs published by Tulpa.

AI-analyzed exploit summary This writeup describes an unquoted service path vulnerability in Wisecleaner software (Wise Care 365 4.27 and Wise Disk Cleaner 9.29) that allows local privilege escalation to SYSTEM via executable placement in the system root path.

Description

Wise Care 365 4.27 / Wise Disk Cleaner 9.29 - Unquoted Service Path Privilege Escalation

Exploits (1)

exploitdb WRITEUP

by Tulpa · textlocalwindows

https://www.exploit-db.com/exploits/40417

View Code ZIP pw:eip

This writeup describes an unquoted service path vulnerability in Wisecleaner software (Wise Care 365 4.27 and Wise Disk Cleaner 9.29) that allows local privilege escalation to SYSTEM via executable placement in the system root path.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Wise Care 365 4.27, Wise Disk Cleaner 9.29

Auth required

Prerequisites: Local access to the system · Ability to write to the system root path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026