CVE-2021-44041

UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the –dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim’s machine or capture NTLM credentials by supplying a networked or WebDAV file path.

Source: CVE-2021-44041