Command Injection Vulnerability in upKeeper Instant Privilege Access by upKeeper Solutions
CVE-2026-2449

9CRITICAL

Key Information:

Vendor: Upkeeper Solutions
Status: Upkeeper Instant Privilege Access
Vendor: CVE Published:; 14 April 2026

🔔 Create Upkeeper Solutions Vulnerability Alert

What is CVE-2026-2449?

The vulnerability involves improper neutralization of argument delimiters in a command, leading to an argument injection weakness in upKeeper Instant Privilege Access. This allows an attacker to hijack a privileged thread of execution, potentially compromising system integrity. Users of versions up to 1.5.0 are particularly at risk and should take immediate action to mitigate the threat.

Affected Version(s)

upKeeper Instant Privilege Access 0 <= 1.5.0

References

https://support.upkeeper.se/hc/en-us/articles/26783425404...

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Feb 13, 2026

Credit

Tony Nilsson

CVE-2026-2449 Data

JSON