Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.5
CVE-2020-37247: Kite 4.2.0.1 U1: Malicious code can run with high privileges
CVE-2020-37247
Summary
A vulnerability in Kite's Windows service allows local attackers to run malicious code with high system privileges. This could lead to unauthorized changes to the system or data theft. Update to the latest version of Kite to fix this issue.
Original title
Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attacker...
Original description
Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem privileges when the service starts.
nvd CVSS3.1
7.8
nvd CVSS4.0
8.5
Vulnerability type
CWE-428
Published: 16 May 2026 · Updated: 23 May 2026 · First seen: 16 May 2026