Cyber Resilience

CVE-2022-50917

High · Public PoC

Published: 13 January 2026

Modified: 02 March 2026
CVSS Score v4: 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0019 (9.0th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2022-50917 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Proton ProtonVPN. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Unquoted Path (T1574.009). By exploit likelihood (EPSS) it ranks at the 9.0th percentile, below the median. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-50917 is an unquoted service path vulnerability in ProtonVPN version 1.26.0, specifically affecting its WireGuard service configuration. Published on 2026-01-13, this issue falls under CWE-428 and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact potential from local access.

Local attackers with low privileges can exploit the vulnerability by placing malicious executables in specific filesystem locations that align with the unquoted service path. During WireGuard service startup, the system may execute the attacker's binary instead of the legitimate one, enabling arbitrary code execution and privilege escalation.

Advisories and related resources provide further details on the issue, including the VulnCheck advisory at https://www.vulncheck.com/advisories/protonvpn-unquoted-service-path, a proof-of-concept exploit at https://www.exploit-db.com/exploits/50837, and ProtonVPN's official site at https://protonvpn.com/.

A public exploit is available on Exploit-DB, highlighting the vulnerability's exploitability in real-world scenarios.

Vulnerability details

ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated privileges during service startup.

CWE(s)

CWE-428 Unquoted Search Path or Element

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1574.009 Path Interception by Unquoted Path · Stealth
Adversaries may execute their own malicious payloads by hijacking vulnerable file path references.

T1068 Exploitation for Privilege Escalation · Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Unquoted service path directly enables path interception by unquoted path (T1574.009) during service startup, resulting in arbitrary code execution for privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2022-50914 · Shared CWE-428
CVE-2020-36982 · Shared CWE-428
CVE-2020-36987 · Shared CWE-428
CVE-2021-47825 · Shared CWE-428
CVE-2020-37059 · Shared CWE-428
CVE-2020-36953 · Shared CWE-428
CVE-2022-50935 · Shared CWE-428
CVE-2021-47864 · Shared CWE-428
CVE-2020-37060 · Shared CWE-428
CVE-2019-25308 · Shared CWE-428

Affected Assets

Vendor: proton
Product: protonvpn
Version: 1.26.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: CM-6 mandates secure configuration settings for system components like services, directly preventing unquoted service path vulnerabilities by requiring quoted paths in WireGuard configurations.

Prevent: SI-2 requires timely identification, reporting, and correction of flaws such as CVE-2022-50917, mitigating the unquoted service path issue through patching or configuration fixes.

Detect: RA-5 employs vulnerability scanning to detect configuration weaknesses like unquoted service paths in ProtonVPN's WireGuard service, enabling proactive remediation.
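The configuration check that CM-6 and RA-5 describe can be sketched as follows. This is an added example, not code from the advisory or from Proton. It classifies service `ImagePath` values (on a real host these are read from `HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath`) and proposes the quoted form. The service names and paths are constructed samples, and treating the first `.exe` as the end of the executable is an assumed heuristic.

```python
import re

# Executable portion of an unquoted command line: everything up to and including
# the first ".exe" that is followed by whitespace or end of string (heuristic).
_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)(.*)$", re.IGNORECASE)


def audit_image_path(image_path):
    """Classify one service ImagePath value.

    Returns (status, suggested_value): status is "ok", "unquoted" or "unparsed";
    suggested_value is the quoted form when status is "unquoted", else None.
    """
    value = image_path.strip()
    if value.startswith('"'):
        # Already quoted; a missing closing quote is left for manual review.
        return ("ok", None) if value.count('"') >= 2 else ("unparsed", None)
    match = _EXE.match(value)
    if not match:
        return ("unparsed", None)  # e.g. kernel drivers (.sys): review by hand
    exe, args = match.group(1), match.group(2)
    if " " not in exe:
        return ("ok", None)  # no space in the path, so no ambiguous split point
    return ("unquoted", f'"{exe}"{args}')


def audit_services(services):
    """Return {service_name: suggested ImagePath} for every unquoted entry."""
    findings = {}
    for name, image_path in services.items():
        status, fixed = audit_image_path(image_path)
        if status == "unquoted":
            findings[name] = fixed
    return findings


# Constructed sample data, not taken from a real host or from ProtonVPN's installer.
SAMPLE_SERVICES = {
    "ExampleVpnTunnel": r"C:\Program Files\Example Vendor\Example VPN\tunnel.exe --service wg0",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\agent.exe" -k run',
    "ExampleNoSpace": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "ExampleDriver": r"\SystemRoot\System32\drivers\example.sys",
}

if __name__ == "__main__":
    for svc, fixed in audit_services(SAMPLE_SERVICES).items():
        print(f"{svc}: unquoted path, set ImagePath to {fixed}")
```

Entries reported as "unparsed" are not cleared by this check and still need a manual look.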
