Cyber Resilience

CVE-2022-50921

High · Public PoC

Published: 13 January 2026

Modified: 02 February 2026
CVSS Score v4: 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0019 (8.2th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2022-50921 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Wow21. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Unquoted Path (T1574.009). The CVE is ranked at the 8.2th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2022-50921 is an unquoted service path vulnerability (CWE-428) in WOW21 version 5.0.1.9. The issue affects the WoWService component, where the service binary path lacks proper quotation, enabling local attackers to potentially execute arbitrary code with elevated system privileges. Published on 2026-01-13 with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), it stems from an unquoted binary path that allows injection of malicious executables launched under LocalSystem permissions during service startup.

Local low-privileged attackers (PR:L) can exploit this with low attack complexity and no user interaction by placing a malicious executable in a directory parsed before the legitimate service binary during path resolution. Successful exploitation grants LocalSystem privileges, enabling full system compromise through arbitrary code execution with high impacts on confidentiality, integrity, and availability.

The available references include an advisory from VulnCheck detailing the WoWSERVICE unquoted service path and a proof-of-concept exploit on Exploit-DB (ID 50818). They highlight the vulnerability but do not specify patches. An archived version of the vendor site (wow21.life) is also referenced.

EU & UK References

Vulnerability details

WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1574.009 Path Interception by Unquoted Path (Stealth): Adversaries may execute their own malicious payloads by hijacking vulnerable file path references.
T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The unquoted service path directly enables path interception, giving privilege escalation to LocalSystem through placement of a malicious executable.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2022-50914 (shared CWE-428)
CVE-2020-36982 (shared CWE-428)
CVE-2020-36987 (shared CWE-428)
CVE-2021-47825 (shared CWE-428)
CVE-2020-37059 (shared CWE-428)
CVE-2020-36953 (shared CWE-428)
CVE-2022-50935 (shared CWE-428)
CVE-2021-47864 (shared CWE-428)
CVE-2020-37060 (shared CWE-428)
CVE-2019-25308 (shared CWE-428)

Affected Assets

wow21
wow21
5.0.1.9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: CM-6 enforces secure configuration settings for system components, directly preventing unquoted service paths like that in WOW21's WoWService by requiring properly quoted binary paths.

Prevent: SI-2 requires identification, reporting, and remediation of system flaws such as the unquoted service path vulnerability in CVE-2022-50921, eliminating the privilege escalation risk.

Detect: RA-5 mandates vulnerability monitoring and scanning that specifically detects unquoted service path issues like CVE-2022-50921 for proactive remediation.
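The scan described under RA-5 and the quoting required under CM-6 can be checked against exported service ImagePath values. The following is an added example, not code from the advisory or the vendor. The service names and paths are constructed, the function names are hypothetical, and splitting the command line at the first ".exe" is a heuristic assumption.

```python
import re

# Heuristic (assumption): the binary is the shortest prefix ending in ".exe"
# that is followed by whitespace or the end of the string.
_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def audit_image_path(image_path):
    """Return a finding for an unquoted service path containing spaces, else None."""
    cmd = image_path.strip()
    if not cmd or cmd.startswith('"'):
        return None  # empty, or quoted and therefore parsed as a single path
    match = _EXE.match(cmd)
    exe = match.group(1) if match else cmd
    if " " not in exe:
        return None  # no space in the binary path, so nothing is ambiguous
    # Every space is a point where Windows may try "<prefix>.exe" before it
    # reaches the intended binary. Review these locations for unexpected files
    # and for directories writable by non-administrators.
    parts = exe.split(" ")
    ambiguous = [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]
    args = cmd[len(exe):]
    # "fixed" is the value CM-6 style hardening would set: binary path quoted.
    return {"binary": exe, "ambiguous": ambiguous, "fixed": f'"{exe}"{args}'}


def audit_services(services):
    """Map service name -> finding for every service with an unquoted path."""
    return {name: f for name, path in services.items()
            if (f := audit_image_path(path))}


# Constructed sample data (not taken from the advisory): name -> ImagePath
SAMPLE_SERVICES = {
    "ExampleAgent": r"C:\Program Files\Example Vendor\Agent\agent.exe --run",
    "QuotedSvc": r'"C:\Program Files\Example Vendor\svc.exe" -k',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, finding in audit_services(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted path {finding['binary']}")
        print(f"  review: {finding['ambiguous']}")
        print(f"  set ImagePath to: {finding['fixed']}")
```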

References