CVE-2021-47787 HIGH

CVE-2021-47787: TotalAV 5.15.69 - Unquoted Service Path

Vendor Totalav
Product TotalAV
Weakness CWE-428
Published January 15, 2026
Last update April 7, 2026

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration.

Key dates

02Disclosure timeline

January 15, 2026 CVE published
April 7, 2026 Record updated