CVE-2020-36958
Published: 26 January 2026
Summary
CVE-2020-36958 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Kite (inferred from references). Its CVSS base score is 8.5 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Path Interception by Unquoted Path (T1574.009). The CVE is ranked at the 2.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2020-36958 is an unquoted service path vulnerability in Kite version 1.2020.1119.0, affecting the KiteService Windows service. The vulnerability stems from the service path 'C:\Program Files\Kite\KiteService.exe' being registered without surrounding quotes. Because the path contains spaces, the Windows service loader resolves it by trying each space-delimited prefix as an executable (C:\Program.exe first) before it reaches the real binary, so a local attacker who can write to one of those earlier locations can have an executable of their choosing run with the service's privileges.
Local attackers with low privileges (AV:L/PR:L) can exploit this vulnerability with low complexity and no user interaction required. By placing malicious executables in specific directories that the Windows service loader traverses before reaching the legitimate executable, attackers can achieve arbitrary code execution and privilege escalation on the system, with high impacts on confidentiality, integrity, and availability (CVSS v3.1 score of 7.8: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The issue is classified under CWE-428 (Unquoted Search Path or Element).
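An added audit helper (not part of the advisory or of Kite) that shows the defect class behind this CVE: it flags service ImagePath values that are unquoted and contain spaces, lists the directories whose write ACLs must be verified, and emits the `sc config` command that quotes the path. The service table is constructed for the example; only the KiteService entry comes from the advisory.

```python
"""Audit Windows service ImagePath values for unquoted paths containing spaces
(CWE-428), the defect class behind CVE-2020-36958 in KiteService."""
import ntpath


def intercept_candidates(image_path: str) -> list[str]:
    """Return the executables CreateProcess would try, in order, for an
    unquoted ImagePath: each space boundary yields '<prefix>.exe', and the
    real executable comes last.  Quoted paths and paths without spaces
    yield no candidates."""
    if image_path.startswith('"') or " " not in image_path:
        return []
    tokens = image_path.split(" ")
    candidates = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if prefix.lower().endswith(".exe"):
            candidates.append(prefix)
            break  # the real binary; any further tokens are arguments
        candidates.append(prefix + ".exe")
    return candidates


def audit_services(services: dict[str, str]) -> dict[str, dict]:
    """Map each vulnerable service name to the directories whose write ACLs
    need review and to the sc.exe command that quotes the path."""
    findings = {}
    for name, image_path in services.items():
        candidates = intercept_candidates(image_path)
        if len(candidates) < 2:
            continue  # quoted, no spaces, or spaces only in the arguments
        dirs = sorted({ntpath.dirname(c) for c in candidates[:-1]})
        exe = candidates[-1]
        findings[name] = {
            "candidates": candidates,
            "check_write_acl_on": dirs,
            "fix": f'sc config {name} binPath= "\\"{exe}\\""',
        }
    return findings


# Constructed sample registry data; only KiteService matches the advisory.
SAMPLE_SERVICES = {
    "KiteService": r"C:\Program Files\Kite\KiteService.exe",
    "GoodSvc": r'"C:\Program Files\Good\GoodSvc.exe"',         # quoted
    "NoSpaceSvc": r"C:\Tools\nospace.exe",                     # no spaces
    "ArgSvc": r"C:\Program Files\Arg Co\agent.exe --service",  # with args
}

if __name__ == "__main__":
    for name, info in audit_services(SAMPLE_SERVICES).items():
        print(name, info)
```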
Advisories and references include an exploit published on Exploit-DB at https://www.exploit-db.com/exploits/49205, the vendor site at https://www.kite.com/, and a detailed advisory from VulnCheck at https://www.vulncheck.com/advisories/kite-kiteservice-unquoted-service-path. No specific patches or mitigations are detailed in the CVE description.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-30852
Vulnerability details
Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Kite\KiteService.exe' to inject malicious executables and escalate privileges on the system.
Related Threats (MITRE ATT&CK Enterprise Techniques)
Why these techniques?
Unquoted service path in KiteService.exe directly enables path interception by placing a malicious executable in an earlier directory searched by the Windows service loader (T1574.009).
Mitigating Controls (NIST 800-53 r5)
- CM-6 (Configuration Settings): requires establishing and implementing secure configuration settings for system components, including quoting Windows service executable paths, which directly prevents unquoted service path vulnerabilities like CVE-2020-36958.
- Flaw remediation: mandates timely identification, reporting, and correction of system flaws, such as the unquoted service path in KiteService, so the vulnerability is fixed before it is exploited.
- RA-5 (Vulnerability Monitoring and Scanning): vulnerability scanning identifies specific issues like the unquoted service path in CVE-2020-36958 during periodic assessments of the system.