EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path | Advisories

Advisories

EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path

severity: high
date: January 13, 2026
Affecting: EaseUS Data Recovery 15.1.0.0
CVE: CVE-2022-50914
CWE: CWE-428 Unquoted Search Path or Element
CVSS: 8.5
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-50886
EaseUS Official Homepage
Credit: bios
Description: EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.