CVE-2026-11858 | THREATINT

Description

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated low-privileged user can connect to the interface and invoke privileged update methods such as Update(). This allows arbitrary file write and delete operations with SYSTEM privileges and can be used to achieve local privilege escalation.

PUBLISHED Reserved 2026-06-10 | Published 2026-06-17 | Updated 2026-06-17 | Assigner SEC-VLab

HIGH: 8.4CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-862 Missing Authorization

Product status

Default status

affected

SCHEMA ST4 on-premises, all versions

affected

Credits

Johannes Kruchem, SEC Consult Vulnerability Lab finder

References

r.sec-consult.com/quanos third-party-advisory

cve.org (CVE-2026-11858)

nvd.nist.gov (CVE-2026-11858)

Download JSON