CVE Catalog

CVE-2026-9489

High
Published: Translated: NVD NIST

Summary

A vulnerability in NitroSense versions 3.x before 3.01.3052 allows local privilege escalation. The program exposes a misconfigured Windows Named Pipe, enabling any authenticated local user to execute arbitrary code with SYSTEM privileges and delete arbitrary files with SYSTEM privileges.

Risk Assessment

An attacker can gain full control of the system by executing code with the highest privileges, leading to complete compromise of confidentiality, integrity, and availability of data.

Recommendation

Immediately update NitroSense to version 3.01.3052 or later, which fixes this vulnerability.

Original NVD description (English source)

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS