What is CVE-2016-20091?

CVE-2016-20091 is a high-severity vulnerability in Binisoft Windows Firewall Control, classified under Unquoted Search Path or Element. CVSS score: 7.8/10. Published 2026-06-19.

How severe is CVE-2016-20091?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Binisoft Windows Firewall Control

CVE-2016-20091

Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted pa…

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Binisoft Windows Firewall Control — versions 4.8.6.0

Weakness classification (CWE)

CWE-428 — Unquoted Search Path or Element

References

disclosure@vulncheck.com (exploit)
disclosure@vulncheck.com (product)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2016-20091?: CVE-2016-20091 is a high-severity vulnerability in Binisoft Windows Firewall Control, classified under Unquoted Search Path or Element. CVSS score: 7.8/10. Published 2026-06-19.
How severe is CVE-2016-20091?: High severity. CVSS v3 base score is 7.8 out of 10.