How is CVE-2026-11535 exploited?

Network reachability (info): The attack requires adjacent-network access, such as a shared LAN, Wi-Fi segment, or VPN, meaning the attacker must be co-located on the same network segment as the target. Authentication (not-required): No credentials or prior account access are needed; the attacker can reach the vulnerable service without authenticating. Victim interaction (not-required): The exploit does not require the victim to take any action such as clicking a link or opening a file. Attack complexity (info): Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other variable environmental factors.

What is the impact of CVE-2026-11535?

Attacker reads sensitive data stored on the victim's device, including files, contacts, and application data. Attacker writes or modifies data on the victim's device, enabling tampering with stored content or application state. Attacker gains read and write access to systems connected through the PcSuite integration, extending the breach beyond the immediate device. Downstream services dependent on the compromised connected systems can be disrupted, causing availability impact across the broader environment.

Back to search

CRITICALCVE-2026-11535Published 2026-06-12Modified 2026-06-12CNA Vivo

CVE-2026-11535: An unauthorized access vulnerability exists in the PcSuite APP

An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device.

CVSS v4.0: 9.4
Severity: CRITICAL
Fixed in: —
Affected Products: 1

HarborGuard Analysis

Synopsis

An unauthorized access vulnerability exists in the vivo PcSuite application, affecting versions below 6.2.5. The flaw is reachable from an adjacent network (such as a local LAN or shared Wi-Fi segment) and requires no authentication, allowing an attacker in range to gain unauthorized access to the victim's device. Successful exploitation gives the attacker read and write access to sensitive data on both the local device and connected systems, and can disrupt downstream services. No fix version has been published yet; HarborGuard is tracking the advisory for patch availability.

HarborGuard Coverage

Detection

Detection for CVE-2026-11535 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that bundle the vivo PcSuite application.

Available

Triage

HarborGuard is capable of scoring this CVE at its published CVSS v4.0 severity of 9.4 (Critical) and weighting it against each environment's compliance policy to prioritize alerts. Findings can be routed automatically to the appropriate team inbox within a customer organization based on image ownership and policy configuration.

Available

Patch

Because no upstream fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment the upstream vendor releases a remediated version. In the interim, customers can apply compensating controls through HarborGuard's policy engine to flag or block deployment of affected images.

Pending upstream

Exploit Conditions

Network reachabilityDetail
The attack requires adjacent-network access, such as a shared LAN, Wi-Fi segment, or VPN, meaning the attacker must be co-located on the same network segment as the target.
AuthenticationNot required
No credentials or prior account access are needed; the attacker can reach the vulnerable service without authenticating.
Victim interactionNot required
The exploit does not require the victim to take any action such as clicking a link or opening a file.
Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other variable environmental factors.

Blast Radius

Attacker reads sensitive data stored on the victim's device, including files, contacts, and application data.
Attacker writes or modifies data on the victim's device, enabling tampering with stored content or application state.
Attacker gains read and write access to systems connected through the PcSuite integration, extending the breach beyond the immediate device.
Downstream services dependent on the compromised connected systems can be disrupted, causing availability impact across the broader environment.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-11535 is active for all customer images that include the vivo PcSuite application below version 6.2.5, with findings scored at Critical (9.4 CVSS v4.0) and routed according to each environment's compliance policy. Because no upstream fix exists at this time, HarborGuard monitors the advisory on every ingest cycle and will automatically make a patched-image rebuild available the moment vivo publishes a remediated version. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be triggered without manual intervention as soon as the fix is available. In the interim, compensating controls are available through HarborGuard's policy engine: customers can enforce network-policy isolation to restrict workloads running PcSuite from adjacent-network exposure, apply deployment-blocking rules for affected image versions, and configure egress filtering to limit the application's reachable network surface.

See how HarborGuard automates this

Affected packages

vivo / PcSuite
Versions below 6.2.5

CVSS Vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H

References

vivo.com

Metrics

Get notified