Unrated severityNVD Advisory· Published Jan 13, 2026· Updated Mar 5, 2026

Cobian Backup 0.9 - Unquoted Service Path

CVE-2022-50923

Description

Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions during service startup.

Affected products

Cocsoft/Cobian Backupv5
Range: 0.9.93

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/50810mitreexploit
www.vulncheck.com/advisories/cobian-backup-unquoted-service-pathmitrethird-party-advisory
www.cobiansoft.com//mitreproduct
www.cobiansoft.com/download.php/mitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000