Windows ACPX Path Vulnerability: Cwd Injection in Wrapper Execution

Vulnerability Description: The issue arises from improper handling of .cmd and .bat files during wrapper resolution, leading to shell fallback execution. This allows an attacker to influence the current working directory (cwd), potentially altering command execution behavior and enabling unauthorized actions.
PoC Significance: The proof-of-concept demonstrates how cwd manipulation can exploit the fallback mechanism, highlighting a critical flaw in path resolution. It underscores the importance of secure wrapper execution in preventing unintended command execution.
Detection Guidance: Implement logging for .cmd/.bat file executions and monitor for unexpected process spawns. Use tools like Process Monitor to track path resolutions and detect anomalies.
Mitigation Steps: Update to patched version 2026.3.1 immediately. Configure strict fail-closed handling for unresolved wrappers and avoid shell fallbacks unless necessary.
Risk Assessment: High likelihood of exploitation due to Windows prevalence and potential for remote code execution. Attackers targeting command execution will likely exploit this vulnerability.