Cyber Resilience

CVE-2020-36958

Severity: High · Public PoC

Published: 26 January 2026
Modified: 15 April 2026
KEV Added: not listed
Patch: none referenced
CVSS v4.0 score: 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0013 (2.9th percentile)
Risk priority: 55 (floored blend · peak EPSS)

Summary

CVE-2020-36958 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Kite (inferred from references). Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Unquoted Path (T1574.009). The CVE ranks at the 2.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2020-36958 is an unquoted service path vulnerability in Kite version 1.2020.1119.0, affecting the KiteService Windows service. The vulnerability stems from the service path 'C:\Program Files\Kite\KiteService.exe' not being properly quoted, which can allow local attackers to potentially execute arbitrary code by exploiting the unquoted path.

Local attackers with low privileges (AV:L/PR:L) can exploit this vulnerability with low complexity and no user interaction required. By placing malicious executables in specific directories that the Windows service loader traverses before reaching the legitimate executable, attackers can achieve arbitrary code execution and privilege escalation on the system, with high impacts on confidentiality, integrity, and availability (CVSS v3.1 score of 7.8: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The issue is classified under CWE-428 (Unquoted Search Path or Element).

Advisories and references include an exploit published on Exploit-DB at https://www.exploit-db.com/exploits/49205, the vendor site at https://www.kite.com/, and a detailed advisory from VulnCheck at https://www.vulncheck.com/advisories/kite-kiteservice-unquoted-service-path. No specific patches or mitigations are detailed in the CVE description.

Vulnerability details

Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Kite\KiteService.exe' to inject malicious executables and escalate privileges on the system.

CWE(s): CWE-428 Unquoted Search Path or Element

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1574.009 Path Interception by Unquoted Path [Stealth]: Adversaries may execute their own malicious payloads by hijacking vulnerable file path references.
Why these techniques?

Unquoted service path in KiteService.exe directly enables path interception by placing a malicious executable in an earlier directory searched by the Windows service loader (T1574.009).
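The "Deeper analysis" and "Why these techniques?" passages above both describe the same mechanism: when a service ImagePath containing spaces is not quoted, the Windows loader tries successive space-delimited prefixes (each with ".exe" appended, as documented for CreateProcess) before it reaches the intended binary. The audit helper below is an added example written for this page, not code from Kite or from the advisory sources; it reproduces that prefix rule on constructed ImagePath strings (the KiteService path is the one quoted on the page, the other service names and paths are made up), flags the unquoted-with-spaces condition, lists the directories whose write ACLs a defender should check, and produces the correctly quoted value that remediates the finding (the CM-6 control described under Mitigating Controls).

```python
"""Audit Windows service ImagePath values for the unquoted-path condition (CWE-428).

Added example for this page; it simulates the loader's prefix lookup on strings
and does not touch a live system. Feed it the ImagePath values exported from
HKLM\\SYSTEM\\CurrentControlSet\\Services (or the output of `sc qc`) to use it for real.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

_EXE_RE = re.compile(r"\.exe", re.IGNORECASE)


@dataclass
class ServicePathFinding:
    service: str
    image_path: str
    unquoted_with_spaces: bool
    interception_candidates: List[str] = field(default_factory=list)
    directories_to_audit: List[str] = field(default_factory=list)
    remediated_path: str = ""


def split_executable(image_path: str):
    """Split an unquoted ImagePath into (executable, trailing arguments).

    The executable is taken up to and including the first '.exe'; anything
    after it is treated as service arguments and preserved verbatim.
    """
    match = _EXE_RE.search(image_path)
    if match:
        return image_path[: match.end()], image_path[match.end():]
    return image_path, ""


def interception_candidates(executable: str) -> List[str]:
    """Prefixes the loader tries before the intended executable.

    For each space in the path the loader first tries the text before that
    space with '.exe' appended, e.g. 'C:\\Program.exe' for
    'C:\\Program Files\\Kite\\KiteService.exe'. Those prefixes are the
    locations a planted binary would have to occupy.
    """
    return [executable[:i] + ".exe" for i, ch in enumerate(executable) if ch == " "]


def audit_image_path(service: str, image_path: str) -> ServicePathFinding:
    """Classify one service's ImagePath and describe the remediation."""
    path = image_path.strip()
    if path.startswith('"'):
        # Quoted: the loader takes the executable verbatim up to the closing quote.
        return ServicePathFinding(service, image_path, False)
    executable, arguments = split_executable(path)
    if " " not in executable:
        # No spaces, so there is only one candidate: the real binary.
        return ServicePathFinding(service, image_path, False)
    candidates = interception_candidates(executable)
    # Parent directory of each candidate; if a low-privileged user can write
    # there, the unquoted path is exploitable. De-duplicate, keep order.
    directories = list(dict.fromkeys(c.rsplit("\\", 1)[0] + "\\" for c in candidates))
    remediated = f'"{executable}"{arguments}'
    return ServicePathFinding(service, image_path, True, candidates, directories, remediated)


def audit_services(entries: Dict[str, str]) -> List[ServicePathFinding]:
    """Audit a mapping of service name -> ImagePath and return all findings."""
    return [audit_image_path(name, path) for name, path in entries.items()]


# Constructed sample: the KiteService path is the one the advisory quotes; the
# other three services and paths are hypothetical.
SAMPLE_SERVICES = {
    "KiteService": r"C:\Program Files\Kite\KiteService.exe",
    "ExampleSvc": r"C:\Program Files\Example Vendor\svc.exe --run",
    "QuotedSvc": r'"C:\Program Files\Quoted Vendor\svc.exe" -flag',
    "svchost": r"C:\Windows\system32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for finding in audit_services(SAMPLE_SERVICES):
        status = "UNQUOTED PATH" if finding.unquoted_with_spaces else "ok"
        print(f"{finding.service}: {status}")
        if finding.unquoted_with_spaces:
            print("  loader would try first:", ", ".join(finding.interception_candidates))
            print("  check write ACLs on:   ", ", ".join(finding.directories_to_audit))
            print("  remediated ImagePath:  ", finding.remediated_path)
```

The remediated value is what the service registry entry should contain; on a real host the same quoting is applied with `sc config <name> binPath= "\"<path>\""` or by editing the ImagePath value directly, after which the audit returns no finding for that service.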

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2020-36928 (shared CWE-428)
CVE-2023-54336 (shared CWE-428)
CVE-2020-37048 (shared CWE-428)
CVE-2019-25306 (shared CWE-428)
CVE-2020-36979 (shared CWE-428)
CVE-2020-36929 (shared CWE-428)
CVE-2020-37017 (shared CWE-428)
CVE-2021-47859 (shared CWE-428)
CVE-2019-25309 (shared CWE-428)
CVE-2021-47790 (shared CWE-428)

Affected Assets

Kite (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5, AI-mapped)

CM-6 Configuration Settings (prevent): Requires establishing and implementing secure configuration settings for system components, including properly quoting Windows service executable paths, which directly prevents unquoted service path vulnerabilities like CVE-2020-36958.

Prevent: Mandates timely identification, reporting, and correction of system flaws, such as the unquoted service path in KiteService, so the vulnerability is remediated before exploitation.

RA-5 Vulnerability Monitoring and Scanning (detect): Vulnerability scanning monitors for and identifies specific issues like the unquoted service path in CVE-2020-36958 during periodic assessments of the system.