CVE-2016-20055 HIGH

CVE-2016-20055: IObit Advanced SystemCare 10.0.2 Unquoted Service Path Privilege Escalation

Vendor Iobit
Product IObit Advanced SystemCare
Weakness CWE-428
Published April 4, 2026
Last update April 6, 2026

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges.

Key dates

02Disclosure timeline

April 4, 2026 CVE published
April 6, 2026 Record updated