CVE-2026-2449 PUBLISHED

Assigner: upKeeper
Reserved: 13.02.2026 Published: 14.04.2026 Updated: 14.04.2026

Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CVSS Score: 9

Product Status

Vendor upKeeper Solutions
Product upKeeper Instant Privilege Access
Versions Default: unaffected
  • affected from 0 to 1.5.0 (incl.)

Credits

  • Tony Nilsson finder

References

Problem Types

  • CWE-88 Improper neutralization of argument delimiters in a command ('argument injection') CWE

Impacts

  • CAPEC-30 Hijacking a Privileged Thread of Execution