Untrusted Search Path

Description

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected against modification by low-privileged users. As the service runs with elevated privileges, successful exploitation may result in a local privilege escalation.

Affected Products

Vendor	Product	Versions
phoenix contact	axc f	0.0.0, 0.0.0, 0.0.0, 0.0.0, 0.0.0, 0.0.0, 0.0.0, 0.0.0, 0.0.0, 0.0.0, 0.0.0, 0.0.0, 0.0.0, 0.0.0

References

https://www.certvde.com/en/advisories/VDE-2026-050/

Related News (1 articles)

Tier C

VulDB12h ago

CVE-2025-41670 | Phoenix Contact VPLCNEXT CONTROL 500 up to 2026.0.2 uncontrolled search path (VDE-2026-050)

→ No new info (linked only)

CVSS 3.17.8 NONE

CISA KEV❌ No

Actively exploited❌ No

Patch available

2026.0.3

CWECWE-427

PublishedMay 27, 2026

Last enriched11h agov2

Community Vote

Version History

Last enriched 11h ago

v2Tier C11h ago

Updated affected versions to include 2026.0.2, changed severity to MEDIUM, and noted that no exploit is available.

affectedVersionsseveritytags

via VulDB

v113h ago

Initial creation

Untrusted Search Path

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (3)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History