Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.3
Total VPN on Windows May Allow Unwanted Programs to Run
CVE-2026-2542
Summary
A flaw in Total VPN 0.5.29.0 on Windows could allow an attacker to run unauthorized programs on a user's computer. This could happen if a user interacts with the Total VPN service in a certain way. We recommend checking with the vendor for an update or patch to resolve this issue.
Original title
A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manip...
Original description
A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipulation can lead to unquoted search path. It is possible to launch the attack on the local host. This attack is characterized by high complexity. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.0
nvd CVSS3.1
7.0
nvd CVSS4.0
7.3
Vulnerability type
CWE-426
CWE-428
Published: 16 Feb 2026 · Updated: 14 Mar 2026 · First seen: 6 Mar 2026