HIGHCVE-2026-0539Published Modified CNA NCSC.ch
CVE-2026-0539: Local Privilege Escalation in pcvisit service client
Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\SYSTEM privileges on boot. This issue affects all versions after 22.6.22.1329 and was fixed in 25.12.3.1745.
Metrics
- CVSS v4.0
- 8.5
- Severity
- HIGH
- Fixed in
- 0
- Affected Products
- 1
Fix available
025.12.3.1745
Affected packages
- pcvisit / pcvisit Remote Host Modul< 25.12.3.1745 (from 22.6.22.1329)Fixed in 0, 25.12.3.1745
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NReferences