CVE 8.5 HIGH

CVE-2026-8797_CVE-2026-8797

June 26, 2026 invoker category_cve

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges.

AI Analysis

Access control deficiency vulnerability allowing arbitrary code execution with SYSTEM privileges

Basic Information

ID CVE-2026-8797

Source NEC

Published Jun 26, 2026 at 04:14

Modified Jun 26, 2026 at 04:19

Affected Product

Vendor NEC Corporation

Product ExpressUpdate Agent for Windows

Version 3.24 and prior

Affected Versions NEC Corporation ExpressUpdate Agent for Windows 3.24 and prior

CWE Classification

CWE-782

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor NEC Corporation

Product ExpressUpdate Agent for Windows

Version 3.24 and prior

References

jpn.nec.com /security-info/secinfo/nv26-004_en.html

{
    "lastseen": "",
    "description": "An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges.",
    "published": "2026-06-26T04:14:19.370Z",
    "modified": "2026-06-26T04:19:19.204Z",
    "type": "cve",
    "title": "CVE-2026-8797",
    "source": "NEC",
    "references": "https://jpn.nec.com/security-info/secinfo/nv26-004_en.html",
    "id": "CVE-2026-8797",
    "bulletinFamily": "",
    "cwe": [
        "CWE-782"
    ],
    "cvelist": null,
    "sourceData": "NEC Corporation ExpressUpdate Agent for Windows 3.24 and prior",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ExpressUpdate Agent for Windows",
    "version": "3.24 and prior",
    "vendor": "NEC Corporation",
    "ai_description": "Access control deficiency vulnerability allowing arbitrary code execution with SYSTEM privileges",
    "ai_severity": "High",
    "ai_vendor": "NEC Corporation",
    "ai_product": "ExpressUpdate Agent for Windows",
    "ai_version": "3.24 and prior",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply