NitroSense V3: Local Privilege Escalation (LPE) vulnerability_CVE-2026-9489

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges.

AI Analysis

Local Privilege Escalation (LPE) vulnerability in NitroSense 3.x before 3.01.3052, allowing authenticated local users to execute arbitrary code with elevated privileges.

Basic Information

ID CVE-2026-9489

Source Acer

Published May 25, 2026 at 01:50

Affected Product

Vendor Acer

Product NitrorSense V3

Version 3.01.3001

Affected Versions Acer NitrorSense V3 3.01.3001

CWE Classification

CWE-22 CWE-269 CWE-284 CWE-732

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Acer

Product NitroSense V3

Version 3.01.3001 and prior to 3.01.3052

References

community.acer.com /en/kb/articles/19652

{
    "lastseen": "",
    "description": "NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges.",
    "published": "2026-05-25T01:50:32.063Z",
    "modified": "2026-05-25T01:50:32.063Z",
    "type": "cve",
    "title": "NitroSense V3: Local Privilege Escalation (LPE) vulnerability",
    "source": "Acer",
    "references": "https://community.acer.com/en/kb/articles/19652",
    "id": "CVE-2026-9489",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22",
        "CWE-269",
        "CWE-284",
        "CWE-732"
    ],
    "cvelist": null,
    "sourceData": "Acer NitrorSense V3 3.01.3001",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "NitrorSense V3",
    "version": "3.01.3001",
    "vendor": "Acer",
    "ai_description": "Local Privilege Escalation (LPE) vulnerability in NitroSense 3.x before 3.01.3052, allowing authenticated local users to execute arbitrary code with elevated privileges.",
    "ai_severity": "High",
    "ai_vendor": "Acer",
    "ai_product": "NitroSense V3",
    "ai_version": "3.01.3001 and prior to 3.01.3052",
    "ai_score": 8.5
}