CVE-2026-0539

Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\SYSTEM privileges on boot. This issue affects all versions after 22.6.22.1329 and was fixed in 25.12.3.1745.

CVSS

No CVSS.

References

Link	Resource
https://labs.infoguard.ch/advisories/cve-2026-0539_pcvisit_local-privilege-escalation/
https://www.pcvisit.de/kundenbereich/release-notes

Configurations

No configuration.

History

22 Apr 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-22 14:16

Updated : 2026-04-22 21:23

NVD link : CVE-2026-0539

Mitre link : CVE-2026-0539

CVE.ORG link : CVE-2026-0539

JSON object : View

Products Affected

No product.

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2026-0539", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "vulnerability@ncsc.ch", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-04-22T14:16:30.317", "references": [{"url": "https://labs.infoguard.ch/advisories/cve-2026-0539_pcvisit_local-privilege-escalation/", "source": "vulnerability@ncsc.ch"}, {"url": "https://www.pcvisit.de/kundenbereich/release-notes", "source": "vulnerability@ncsc.ch"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "vulnerability@ncsc.ch", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\\SYSTEM privileges on boot. This issue affects all versions after\u00a022.6.22.1329 and was fixed in 25.12.3.1745."}], "lastModified": "2026-04-22T21:23:52.620", "sourceIdentifier": "vulnerability@ncsc.ch"}

CVE-2026-0539

JSON object

Attach tags to CVE-2026-0539

Attach tags to `CVE-2026-0539`