CVE-2026-57919

CVSS 7.8 HIGHCWE-276 CWE-426

Vexday Risk Score

18Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.8EPSS —KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

29 Jun 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (\\.\pipe\PBackupVSS) with a DACL that grants GENERIC_READ and GENERIC_WRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigger execution of arbitrary commands with SYSTEM privileges via an untrusted search path. This allows privilege escalation by placing a malicious shadow.exe in a controlled working directory.

CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.matrix42.com/en_US/1041748_vulnerability-list/cve-2026-57919-privilege-escalation-in-empirum-personal-backup https://matrix42.com