CVE-2021-47974
Published 2026-05-16
Priority: P3 · 40 · high · 7.8 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.12% (2.2th percentile)
VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories like C:\Program Files\VX Search to execute arbitrary code with LocalSystem privileges when services restart.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vxsearch | vx_search | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 8.5 | HIGH | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
VulDB
Vxsearch VX Search 13.5.28 Search Enterprise Service unquoted search path (Exploit 50026 / EUVD-2021-34831)
vuldb·2026-05-16·CVSS 8.5
CVE-2021-47974 [HIGH] Vxsearch VX Search 13.5.28 Search Enterprise Service unquoted search path (Exploit 50026 / EUVD-2021-34831)
A vulnerability was found in Vxsearch VX Search 13.5.28 and classified as problematic. This issue affects some unknown processing of the component Search Enterprise Service. The manipulation results in unquoted search path.
This vulnerability was named CVE-2021-47974. The attack needs to be approached locally. In addition, an exploit is available.
GHSA
GHSA-2jpw-mvcx-5wqh: VX Search 13
ghsa_unreviewed·2026-05-16
CVE-2021-47974 [HIGH] CWE-428 GHSA-2jpw-mvcx-5wqh: VX Search 13
VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories like C:\Program Files\VX Search to execute arbitrary code with LocalSystem privileges when services restart.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-05-16