CVE-2026-8797 | THREATINT

Description

An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges.

PUBLISHED Reserved 2026-05-18 | Published 2026-06-26 | Updated 2026-06-26 | Assigner NEC

HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-782: Exposed IOCTL with Insufficient Access Control

Product status

Default status

unknown

3.24 and prior

affected

Credits

MASAHIRO IIDA of LAC Co., Ltd. reporter

References

jpn.nec.com/security-info/secinfo/nv26-004_en.html

cve.org (CVE-2026-8797)

nvd.nist.gov (CVE-2026-8797)

Download JSON