CVE-2026-9789
HighSummary
A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL).
Risk Assessment
The risk is that any authenticated local user can connect to the service and send commands, allowing them to delete arbitrary files with system authority.
Recommendation
It is recommended to update Acer NitroSense software to version 3.01.3052 or later to mitigate this vulnerability.
Original NVD description (English source)
A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL). This allows any authenticated local user to connect and send commands. Because the service does not check the caller's privileges before running file deletion commands, a low-privileged local user can exploit this to delete arbitrary files with system authority.

