Unquoted Service Path Vulnerability in WibuKey Runtime by Wibu
CVE-2021-47810

8.5HIGH

Key Information:

Vendor

Wibu

Status
Wibukey Runtime
Vendor
CVE Published:
15 January 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2021-47810?

WibuKey Runtime version 6.51 is susceptible to a local code execution vulnerability due to an unquoted service path in the WkSvW32.exe service. This flaw allows local attackers to potentially execute arbitrary code through the exploitation of the unquoted executable path located at 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe'. An adversary could craft a malicious executable that could be executed with escalated privileges when this service is started. Users and administrators should promptly review their installations of WibuKey Runtime and apply mitigations to prevent exploitation.

Affected Version(s)

WibuKey Runtime 6.51

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-47810 - Proof of Concept

References

https://www.exploit-db.com/exploits/49999
exploit
https://www.wibu.com
product
https://www.wibu.com/us/support/user/downloads-user-softw...
product

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Brian Rodriguez
JSON
.