CVE-2026-57919
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
A vulnerability in PBackupVSS.exe in Matrix42 Empirum before version 25.5 and 26.x before 26.2 creates a named pipe with overly permissive DACL. An authenticated low-privileged attacker can connect to this pipe and send crafted IPC messages, leading to arbitrary command execution with SYSTEM privileges.
Risk Assessment
The risk is privilege escalation by a local attacker who can gain full system control, potentially installing malware or stealing sensitive data.
Recommendation
Immediately update Matrix42 Empirum to version 25.5 or 26.2 which fixes this vulnerability. Additionally, restrict access to the named pipe to trusted processes only.
Original NVD description (English source)
PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (\\.\pipe\PBackupVSS) with a DACL that grants GENERIC_READ and GENERIC_WRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigger execution of arbitrary commands with SYSTEM privileges via an untrusted search path. This allows privilege escalation by placing a malicious shadow.exe in a controlled working directory.

