← volver
CVE-2026-57919

CVE-2026-57919

CVSS 7.8 HIGHCWE-276CWE-426
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.8EPSS KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
29 jun 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (\\.\pipe\PBackupVSS) with a DACL that grants GENERIC_READ and GENERIC_WRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigger execution of arbitrary commands with SYSTEM privileges via an untrusted search path. This allows privilege escalation by placing a malicious shadow.exe in a controlled working directory.
CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://docs.matrix42.com/en_US/1041748_vulnerability-list/cve-2026-57919-privilege-escalation-in-empirum-personal-backuphttps://matrix42.com