CVE-2026-25865 | Punto Switcher through 4.5.0.583 contains an unquoted search… | CVSS 7.8 HIGH

Description

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll Control_RunDLL input.dll. Attackers can place a malicious executable earlier in the search order to achieve arbitrary code execution in the context of the affected user.

Metadata

CVE ID: CVE-2026-25865
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-02-06 19:12 UTC
Published: 2026-06-18 19:39 UTC
Last updated: 2026-06-18 19:39 UTC
Primary CWE: CWE-428
Unquoted Search Path or Element
Vendor / Product: Yandex / Punto Switcher
Sources: cve.org · NVD

Severity & Metrics

7.8 HIGH CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
Yandex	Punto Switcher	—	0 ≤ 4.5.0.583

Weakness (CWE)

CWE	Source	Description
CWE-428	cna	Unquoted Search Path or Element

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.5	HIGH	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.8	HIGH	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (3)