CVE-2021-47805
Published: 16 January 2026
Summary
CVE-2021-47805 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Flexense Disksavvy. Its CVSS base score is 7.8 (High).
Operationally, ranked at the 0.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and RA-5 (Vulnerability Monitoring and Scanning).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires timely identification, reporting, and correction of flaws like the unquoted service path in Disk Savvy, preventing exploitation for privilege escalation.
Mandates establishment and enforcement of secure configuration settings, including properly quoted paths for Windows services to block search path hijacking.
Requires vulnerability scanning that identifies unquoted service path issues like CVE-2021-47805 in system services.
NVD Description
Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run…
more
with elevated LocalSystem privileges.
Deeper analysisAI
CVE-2021-47805 is an unquoted service path vulnerability affecting Disk Savvy version 13.6.14 on Windows. The issue resides in the software's Windows service configuration, where the service binary path lacks proper quoting, enabling local attackers to potentially execute arbitrary code. This flaw is classified under CWE-428 (Unquoted Search Path or Element) and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.
A local attacker with low-privilege access (PR:L) can exploit this vulnerability by placing a malicious executable in a directory that precedes the legitimate service binary in the system's search path. When the Disk Savvy service starts or restarts, it will execute the attacker's malicious file instead, granting it elevated LocalSystem privileges. This allows the attacker to achieve full system compromise, including persistent access, data theft, or further lateral movement within the environment.
Advisories and related resources are available from the vendor at https://www.disksavvy.com, VulnCheck at https://www.vulncheck.com/advisories/disk-savvy-multiple-unquoted-service-path, and a public exploit proof-of-concept at https://www.exploit-db.com/exploits/50024. Security practitioners should consult these for detailed mitigation guidance, such as applying patches if available or implementing service path hardening to prevent exploitation. The CVE was published on 2026-01-16.
Details
- CWE(s)