CVE Catalog

CVE-2026-9789

High
Published: Translated: NVD NIST

Summary

A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL).

Risk Assessment

The risk is that any authenticated local user can connect to the service and send commands, allowing them to delete arbitrary files with system authority.

Recommendation

It is recommended to update Acer NitroSense software to version 3.01.3052 or later to mitigate this vulnerability.

Original NVD description (English source)

A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL). This allows any authenticated local user to connect and send commands. Because the service does not check the caller's privileges before running file deletion commands, a low-privileged local user can exploit this to delete arbitrary files with system authority.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS