CVEFinder.io

CVE-2026-0539

πŸ”Ά medium
πŸ” Scan for this CVE
Summary

Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\SYSTEM privileges on boot. This issue affects all versions afterΒ 22.6.22.1329 and was fixed in 25.12.3.1745.

CVSS Score
-
EPSS Score
0.0
Exploit Probability
Published Date
2026-04-22
First Seen: 2026-05-20
🎯 CISA SSVC Assessment Updated: Apr 22, 2026
πŸ” Exploitation Status
None
No known exploits
βš™οΈ Automatable
NO
Requires human interaction
πŸ’₯ Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-05-19
Source NVD πŸ”—
CVSS Vector 4.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)
CWE-276

πŸ“¦ Affected Products 0

No affected products information available

πŸ”— References 2

https://labs.infoguard.ch/advisories/cve-2026-0539_p...
https://www.pcvisit.de/kundenbereich/release-notes