CVE-2026-9489
HighSummary
A vulnerability in NitroSense versions 3.x before 3.01.3052 allows local privilege escalation. The program exposes a misconfigured Windows Named Pipe, enabling any authenticated local user to execute arbitrary code with SYSTEM privileges and delete arbitrary files with SYSTEM privileges.
Risk Assessment
An attacker can gain full control of the system by executing code with the highest privileges, leading to complete compromise of confidentiality, integrity, and availability of data.
Recommendation
Immediately update NitroSense to version 3.01.3052 or later, which fixes this vulnerability.
Original NVD description (English source)
NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges.

