CVE-2026-33253

Description

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

References

• https://jvn.jp/en/jp/JVN90835713/
• https://products.sanyodenki.com/media/document/sanups/H0033413_jp.pdf
• https://products.sanyodenki.com/media/document/sanups/H0033449_en.pdf