NitroSense V3: Security Vulnerability Information_CVE-2026-9789

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL). This allows any authenticated local user to connect and send commands. Because the service does not check the caller's privileges before running file deletion commands, a low-privileged local user can exploit this to delete arbitrary files with system authority.

AI Analysis

Local Privilege Escalation vulnerability in Acer NitroSense software due to weak Access Control List (ACL) in PSAdminAgent service

Basic Information

ID CVE-2026-9789

Source Acer

Published May 28, 2026 at 02:39

Affected Product

Vendor Acer

Product NitrorSense V3

Version 3.01.3001

Affected Versions Acer NitrorSense V3 3.01.3001

CWE Classification

CWE-22 CWE-269 CWE-284 CWE-732

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Acer

Product NitroSense

Version 3.01.3001 and prior

References

community.acer.com /en/kb/articles/19670

{
    "lastseen": "",
    "description": "A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL). This allows any authenticated local user to connect and send commands. Because the service does not check the caller's privileges before running file deletion commands, a low-privileged local user can exploit this to delete arbitrary files with system authority.",
    "published": "2026-05-28T02:39:40.930Z",
    "modified": "2026-05-28T02:39:40.930Z",
    "type": "cve",
    "title": "NitroSense V3: Security Vulnerability Information",
    "source": "Acer",
    "references": "https://community.acer.com/en/kb/articles/19670",
    "id": "CVE-2026-9789",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22",
        "CWE-269",
        "CWE-284",
        "CWE-732"
    ],
    "cvelist": null,
    "sourceData": "Acer NitrorSense V3 3.01.3001",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "NitrorSense V3",
    "version": "3.01.3001",
    "vendor": "Acer",
    "ai_description": "Local Privilege Escalation vulnerability in Acer NitroSense software due to weak Access Control List (ACL) in PSAdminAgent service",
    "ai_severity": "High",
    "ai_vendor": "Acer",
    "ai_product": "NitroSense",
    "ai_version": "3.01.3001 and prior",
    "ai_score": 8.5
}