QSearchQSearch

CVE-2026-9489

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that use...

Published: 2026-05-25 · Last updated: 2026-05-26

Severity and scoring

CWE
CWE-22, CWE-269, CWE-284, CWE-732

Description

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-48777 FileBrowser Quantum is a free, self-hosted, web-based file manager
  • CVE-2026-53856 OpenClaw before 2026.4.24 contains an insecure file permissions vulnerability in config recovery that restores OpenClaw.json with overly ... (5.5 MEDIUM)
  • CVE-2024-38487 api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unint... (7.0 HIGH)
  • CVE-2026-12313 Information disclosure, sandbox escape in the Security: Process Sandboxing component (4.7 MEDIUM)
  • CVE-2026-12289 Privilege escalation in the Graphics: WebRender component (8.8 HIGH)