Nssm-2.24 Privilege Escalation ((hot)) May 2026

: If a service's executable path contains spaces and is not enclosed in double quotes, Windows may misinterpret the path. For example, if the path is C:\Program Files\My Service\nssm.exe , Windows might try to execute C:\Program.exe first.

Privilege escalation typically occurs not because of a bug in NSSM, but because of misconfigurations in the services it creates. In many cases, these misconfigurations allow a low-privileged user to gain SYSTEM or Administrator access. 1. Unquoted Service Paths nssm-2.24 privilege escalation

This is the most common vulnerability associated with NSSM-2.24 deployments. : If a service's executable path contains spaces