CVE-2022-50971 | Malwarebytes 4.5 contains an unquoted service path vulnerabi… | CVSS 7.8 HIGH

Description

Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem privileges during service startup or system reboot.

Metadata

CVE ID: CVE-2022-50971
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-01-11 13:34 UTC
Published: 2026-06-19 14:16 UTC
Last updated: 2026-06-19 14:16 UTC
Primary CWE: CWE-428
Unquoted Search Path or Element
Vendor / Product: Malwarebytes / Malwarebytes
Sources: cve.org · NVD

Severity & Metrics

7.8 HIGH CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
Malwarebytes	Malwarebytes	—	4.5.0

Weakness (CWE)

CWE	Source	Description
CWE-428	cna	Unquoted Search Path or Element

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.5	HIGH	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.8	HIGH	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (4)

ExploitDB-50806 https://www.exploit-db.com/exploits/50806
Official Product Homepage https://www.malwarebytes.com/
Product Reference https://www.malwarebytes.com/mwb-download/
VulnCheck Advisory: Malwarebytes 4.5 Unquoted Service Path Privilege Escalation https://www.vulncheck.com/advisories/malwarebytes-unquoted-service-path-privilege-escalation