What is CVE-2026-33253?

CVE-2026-33253 is a medium-severity vulnerability in Sanyo Denki Co., Ltd. Sanups Software, classified under Unquoted Search Path or Element. CVSS score: 6.7/10. Published 2026-03-25.

How severe is CVE-2026-33253?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Vulnerability in Sanyo Denki Co., Ltd. Sanups Software

CVE-2026-33253

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

EPSS: 0.000 (0.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Sanyo Denki Co., Ltd. Sanups Software — versions Ver.2.0.0 to Ver.2.0.2, Ver.1.0.0 to Ver.1.1.4
Sanyo Denki Co., Ltd. Sanups Software Standalone — versions Ver.1.0.1 to Ver.1.1.4

Weakness classification (CWE)

CWE-428 — Unquoted Search Path or Element

References

Frequently asked questions

What is CVE-2026-33253?: CVE-2026-33253 is a medium-severity vulnerability in Sanyo Denki Co., Ltd. Sanups Software, classified under Unquoted Search Path or Element. CVSS score: 6.7/10. Published 2026-03-25.
How severe is CVE-2026-33253?: Medium severity. CVSS v3 base score is 6.7 out of 10.