CVE 9.3 CRITICAL

Simopro Technology｜WinMatrix – Missing Authentication_CVE-2026-6348

April 15, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed.

AI Analysis

Missing Authentication vulnerability allowing local attackers to execute arbitrary code with SYSTEM privileges

Basic Information

ID CVE-2026-6348

Source twcert

Published Apr 16, 2026 at 01:53

Affected Product

Vendor Simopro Technology

Product WinMatrix

Version 3.5.13

Affected Versions Simopro Technology WinMatrix 3.5.13

CWE Classification

CWE-306

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Simopro Technology

Product WinMatrix

Version 3.5.13

References

{
    "lastseen": "",
    "description": "WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed.",
    "published": "2026-04-16T01:53:07.148Z",
    "modified": "2026-04-16T01:53:07.148Z",
    "type": "cve",
    "title": "Simopro Technology\uff5cWinMatrix - Missing Authentication",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10839-2d9a7-1.html\nhttps://www.twcert.org.tw/en/cp-139-10840-ba9b9-2.html",
    "id": "CVE-2026-6348",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Simopro Technology WinMatrix 3.5.13",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WinMatrix",
    "version": "3.5.13",
    "vendor": "Simopro Technology",
    "ai_description": "Missing Authentication vulnerability allowing local attackers to execute arbitrary code with SYSTEM privileges",
    "ai_severity": "Critical",
    "ai_vendor": "Simopro Technology",
    "ai_product": "WinMatrix",
    "ai_version": "3.5.13",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply