Lucene search
K

📄 ProtonVPN 4.4.1 Unquoted Service Path

🗓️ 30 Jun 2026 00:00:00Reported by Milad KarimiType 
packetstorm
 packetstorm
🔗 packetstorm.news👁 25 Views

ProtonVPN 4.4.1 exposes unquoted service path enabling local code execution.

Code
# Exploit Title: ProtonVPN v4.4.1 - Unquoted Service Path
    # Date: 2026-06-22
    # Exploit Author: Milad Karimi
    # Contact: [email protected]
    # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL
    # Vendor Homepage: https://protonvpn.com/
    # Software Link: https://protonvpn.com/
    
     # Version: 4.4.1
    # Tested on: Windows 10 Pro x64
    
    Description:
    A successful attempt would require the local user to be able to insert
    their code in the system root path undetected by the OS or other security
    applications where it could potentially be executed during application
    startup or reboot. If successful, the local user's code would execute with
    the elevated privileges of the application.
    
    Proof Of Concept:
    PS C:\Users\Emre> sc.exe qc "ProtonVPN Wireguard"
    [SC] QueryServiceConfig SUCCESS
    
    SERVICE_NAME: ProtonVPN Wireguard
            TYPE : 10 WIN32_OWN_PROCESS
            START_TYPE : 3 DEMAND_START
            ERROR_CONTROL : 1 NORMAL
            BINARY_PATH_NAME : C:\Program Files (x86)\Proton
    Technologies\ProtonVPN\ProtonVPN.WireGuardService.exe
    C:\ProgramData\ProtonVPN\WireGuard\ProtonVPN.conf
            LOAD_ORDER_GROUP :
            TAG : 0
            DISPLAY_NAME : ProtonVPN WireGuard
            DEPENDENCIES : Nsi
                               : TcpIp
            SERVICE_START_NAME : LocalSystem

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

30 Jun 2026 00:00Current
5.8Medium risk
Vulners AI Score5.8
25