Wibu

By the Year

In 2026 there have been 2 vulnerabilities in Wibu with an average score of 7.8 out of ten. Wibu did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year.

Recent Wibu Security Vulnerabilities

CVE	Date	Vulnerability	Products
CVE-2020-37017	Jan 29, 2026	CodeMeter 6.60 Unquoted Service Path Exec Priv Esc CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions.	Codemeter
CVE-2021-47810	Jan 15, 2026	Unquoted Service Path Vulnerability in WibuKey Runtime 6.51 (WkSvW32.exe) WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and escalate privileges.	Wibukey
CVE-2024-45182	Sep 12, 2024	WibuKey <=6.69 Bounds Check in WibuKey64.sys Enables DoS An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70 An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulting in Denial of Service.	Wibukey
CVE-2024-45181	Sep 12, 2024	Kernel Mem Corruption in WibuKey64.sys before v6.70 An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in kernel memory corruption.	Wibukey
CVE-2023-4701	Sep 13, 2023	REJECTED: CVE-2023-4701 duplicate of CVE-2023-3935 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the vendor eventually states that this issue is identical to CVE-2023-3935	Codemeter Runtime
CVE-2023-3935	Sep 13, 2023	CodeMeter Runtime <=7.60b Heap Buffer Overflow RCE A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.	Codemeter Runtime
CVE-2021-20094	Jun 16, 2021	A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server.	Codemeter
CVE-2021-20093	Jun 16, 2021	A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server.	Codemeter
CVE-2020-14517	Sep 16, 2020	Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.	Codemeter
CVE-2020-14509	Sep 16, 2020	Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.	Codemeter