Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-9489

Summary
Assigner-Acer
Assigner Org ID-8fc372e3-d9c5-46e4-9410-38469745c639
Published At-25 May, 2026 | 01:50
Updated At-26 May, 2026 | 15:20
Rejected At-
Credits

NitroSense V3: Local Privilege Escalation (LPE) vulnerability

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Acer
Assigner Org ID:8fc372e3-d9c5-46e4-9410-38469745c639
Published At:25 May, 2026 | 01:50
Updated At:26 May, 2026 | 15:20
Rejected At:
▼CVE Numbering Authority (CNA)
NitroSense V3: Local Privilege Escalation (LPE) vulnerability

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges.

Affected Products
Vendor
Acer Inc.Acer
Product
NitrorSense V3
Platforms
  • Windows
Default Status
unaffected
Versions
Affected
  • From 3.01.3001 through 3.01.3052 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-22CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWECWE-269CWE-269: Improper Privilege Management
CWECWE-284CWE-284: Improper Access Control
CWECWE-732CWE-732: Incorrect Permission Assignment for Critical Resource
Type: CWE
CWE ID: CWE-22
Description: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type: CWE
CWE ID: CWE-269
Description: CWE-269: Improper Privilege Management
Type: CWE
CWE ID: CWE-284
Description: CWE-284: Improper Access Control
Type: CWE
CWE ID: CWE-732
Description: CWE-732: Incorrect Permission Assignment for Critical Resource
Metrics
VersionBase scoreBase severityVector
4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-69CAPEC-69 Target Programs with Elevated Privileges
CAPEC ID: CAPEC-69
Description: CAPEC-69 Target Programs with Elevated Privileges
Solutions

Please update for version  3.01.3056.

Configurations
Workarounds
Exploits
Credits
finder
Artem Domarev
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://community.acer.com/en/kb/articles/19652
N/A
Hyperlink: https://community.acer.com/en/kb/articles/19652
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:8fc372e3-d9c5-46e4-9410-38469745c639
Published At:25 May, 2026 | 02:16
Updated At:25 May, 2026 | 02:16

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-22Secondary8fc372e3-d9c5-46e4-9410-38469745c639
CWE-269Secondary8fc372e3-d9c5-46e4-9410-38469745c639
CWE-284Secondary8fc372e3-d9c5-46e4-9410-38469745c639
CWE-732Secondary8fc372e3-d9c5-46e4-9410-38469745c639
CWE ID: CWE-22
Type: Secondary
Source: 8fc372e3-d9c5-46e4-9410-38469745c639
CWE ID: CWE-269
Type: Secondary
Source: 8fc372e3-d9c5-46e4-9410-38469745c639
CWE ID: CWE-284
Type: Secondary
Source: 8fc372e3-d9c5-46e4-9410-38469745c639
CWE ID: CWE-732
Type: Secondary
Source: 8fc372e3-d9c5-46e4-9410-38469745c639
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://community.acer.com/en/kb/articles/196528fc372e3-d9c5-46e4-9410-38469745c639
N/A
Hyperlink: https://community.acer.com/en/kb/articles/19652
Source: 8fc372e3-d9c5-46e4-9410-38469745c639
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

60Records found
CVE-2025-3394
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-8.5||HIGH
EPSS-0.07% / 20.30%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 12:34
Updated-28 May, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerability in user management of Automation Builder

Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0.

Action-Not Available
Vendor-ABB
Product-automation_builderAutomation Builder
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-37355
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.48%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 21:18
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Graphics software
CWE ID-CWE-284
Improper Access Control
CVE-2024-37369
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-8.5||HIGH
EPSS-0.01% / 0.63%
||
7 Day CHG-0.00%
Published-14 Jun, 2024 | 16:50
Updated-31 Jan, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation FactoryTalk® View SE Local Privilege Escalation Vulnerability via Local File Permissions

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-factorytalk_viewFactoryTalk® View SEfactorytalk_view
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-32010
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.02% / 4.45%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run system commands via the database.

Action-Not Available
Vendor-Siemens AG
Product-Spectrum Power 4
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-26022
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.5||HIGH
EPSS-0.15% / 35.11%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-06 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-aptio_v_uefi_firmware_integrator_toolsIntel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUCuefi_integrator_tools_on_aptio_v_for_intel_nuc_lnxuefi_integrator_tools_on_aptio_v_for_intel_nuc_win
CWE ID-CWE-284
Improper Access Control
CVE-2024-13975
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.08% / 22.96%
||
7 Day CHG+0.05%
Published-25 Jul, 2025 | 15:49
Updated-22 Nov, 2025 | 12:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Commvault 11.20.0 - 11.36.0 Windows Access Nodes Compromise via Local File Server Agent Abuse

A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client system with the file server agent installed can compromise any assigned Windows access nodes. This may allow unauthorized access or lateral movement within the backup infrastructure. The issue has been resolved in versions 11.32.60, 11.34.34, and 11.36.8.

Action-Not Available
Vendor-Commvault Systems, Inc.
Product-Commvault
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-36916
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.04% / 13.42%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 15:52
Updated-08 Jan, 2026 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TDM Digital Signage PC Player 4.1.0.4 Privilege Escalation via Insecure Permissions

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access.

Action-Not Available
Vendor-Tdmsignage
Product-TDM Digital Signage PC Player
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-6182
Matching Score-4
Assigner-ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b
ShareView Details
Matching Score-4
Assigner-ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b
CVSS Score-8.5||HIGH
EPSS-0.02% / 5.59%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 16:44
Updated-22 Aug, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Root Certificate Injection

The StrongDM Windows service incorrectly handled communication related to system certificate management. Attackers could exploit this behavior to install untrusted root certificates or remove trusted ones.

Action-Not Available
Vendor-StrongDM
Product-sdm
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-40574
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.05% / 17.00%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-08 Jul, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly assign permissions to critical ressources. This could allow a non-privileged local attacker to interact with the backupmanager service.

Action-Not Available
Vendor-Siemens AG
Product-scalance_lpe9403scalance_lpe9403_firmwareSCALANCE LPE9403
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-40672
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-8.5||HIGH
EPSS-0.07% / 20.83%
||
7 Day CHG~0.00%
Published-26 May, 2025 | 09:05
Updated-06 Jun, 2025 | 12:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation in Panloader.exe

A Privilege Escalation vulnerability has been found in Panloader component v3.24.0.0 by Espiral MS Group. This vulnerability allows any user to override the file panLoad.exe that will be executed by SYSTEM user via a programmed task. This would allow an attacker to obtain administrator permissions to perform whatever activities he/she wants, shuch as accessing sensitive information, executing code remotely, and even causing a denial of service (DoS).

Action-Not Available
Vendor-Grupo Espiral MS
Product-Panloader.exe
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
  • Previous
  • 1
  • 2
  • Next
Details not found