Unquoted Search Path Vulnerability in Punto Switcher by Yandex
CVE-2026-25865

8.5 HIGH

Key Information:

Vendor: Yandex
CVE Published: 18 June 2026

What is CVE-2026-25865?

Punto Switcher versions up to 4.5.0.583 are affected by an unquoted search path element vulnerability that allows local attackers to execute arbitrary code. The application calls WinExec without a fully qualified path to RunDll32.exe, particularly when invoking shell32.dll Control_RunDLL input.dll. An attacker who places a malicious executable earlier in the search order can have it run in place of the legitimate RunDll32.exe, gaining code execution in the context of the affected user.
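A detection sketch for the behaviour described above, added here as an example and not taken from the vendor or the advisory: it triages process-creation events and flags any rundll32.exe that was loaded from outside the Windows system directories. It assumes events arrive as dictionaries with Sysmon-style `Image` and `CommandLine` fields and that Windows is installed in `C:\Windows`; the sample events are constructed.

```python
import ntpath

# Assumption: Windows is installed in C:\Windows. The genuine rundll32.exe
# lives only in these two directories.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Command-line fragment named in the advisory (whitespace-normalised, lowercase).
ADVISORY_MARKER = "control_rundll input.dll"


def is_hijacked_rundll32(image_path):
    """True when the image is named rundll32.exe but sits outside the system dirs."""
    # normpath collapses '..' and mixed separators before the directory is compared.
    directory, name = ntpath.split(ntpath.normpath(image_path).lower())
    return name == "rundll32.exe" and directory not in TRUSTED_DIRS


def triage(events):
    """Return (image, severity) for every suspicious rundll32.exe launch."""
    findings = []
    for event in events:
        if not is_hijacked_rundll32(event["Image"]):
            continue
        command = " ".join(event["CommandLine"].lower().split())
        # The exact invocation from the advisory raises the severity.
        severity = "high" if ADVISORY_MARKER in command else "medium"
        findings.append((event["Image"], severity))
    return findings


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL input.dll"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\RunDll32.exe",
     "CommandLine": "RunDll32.exe  shell32.dll,Control_RunDLL input.dll"},
    {"Image": r"C:\Windows\System32\..\Temp\rundll32.exe",
     "CommandLine": "rundll32.exe example.dll,Entry"},
    {"Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL input.dll"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for image, severity in triage(SAMPLE_EVENTS):
        print(f"[{severity}] rundll32.exe started from untrusted path: {image}")
```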

Affected Version(s)

Punto Switcher 0 <= 4.5.0.583

CVSS V4

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Spektion Research Team
VulnCheck