What is CVE-2016-20060?

CVE-2016-20060 is a high-severity vulnerability in Hotspotshield Hotspot Shield, classified under Unquoted Search Path or Element. CVSS score: 7.8/10. Published 2026-04-04.

How severe is CVE-2016-20060?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Hotspotshield Hotspot Shield

CVE-2016-20060

Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables. Attackers can place executable files in the service pat…

EPSS: 0.000 (0.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Hotspotshield Hotspot Shield — versions 6.0.3

Weakness classification (CWE)

CWE-428 — Unquoted Search Path or Element

References

ExploitDB-40528 (exploit)
Official Product Homepage (product)
Product Reference (product)
VulnCheck Advisory: Hotspot Shield 6.0.3 Unquoted Service Path Privilege Escalation (third-party-advisory)

Frequently asked questions

What is CVE-2016-20060?: CVE-2016-20060 is a high-severity vulnerability in Hotspotshield Hotspot Shield, classified under Unquoted Search Path or Element. CVSS score: 7.8/10. Published 2026-04-04.
How severe is CVE-2016-20060?: High severity. CVSS v3 base score is 7.8 out of 10.