Home

Description

PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges.

PUBLISHED Reserved 2026-05-07 | Published 2026-05-08 | Updated 2026-05-08 | Assigner Acer




HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-269: Improper Privilege Management

CWE-284: Improper Access Control

CWE-732: Incorrect Permission Assignment for Critical Resource

Product status

Default status
unaffected

3.00.3136 (custom)
affected

Credits

Artem Domarev finder

References

community.acer.com/en/kb/articles/19652

cve.org (CVE-2026-8069)

nvd.nist.gov (CVE-2026-8069)

Download JSON