Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path | Advisories

Advisories

Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path

severity: high
date: January 15, 2026
Affecting: Sync Breeze 13.6.18
CVE: CVE-2021-47807
CWE: CWE-428 Unquoted Search Path or Element
CVSS: 8.5
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-50023
Vendor Homepage
Credit: Brian Rodriguez
Description: Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious executables and escalate privileges.