CVE-2026-11858 | Quanos SCHEMA ST4 on-premises contains a local privilege esc… | CVSS 8.4 HIGH

Description

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated low-privileged user can connect to the interface and invoke privileged update methods such as Update(). This allows arbitrary file write and delete operations with SYSTEM privileges and can be used to achieve local privilege escalation.

Metadata

CVE ID: CVE-2026-11858
State: PUBLISHED
Assigner: SEC-VLab
Reserved: 2026-06-10 09:08 UTC
Published: 2026-06-17 11:50 UTC
Last updated: 2026-06-17 14:56 UTC
Primary CWE: CWE-862
CWE-862 Missing Authorization
Vendor / Product: Quanos Solutions GmbH / SCHEMA ST4
Sources: cve.org · NVD

Severity & Metrics

8.4 HIGH CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Quanos Solutions GmbH	SCHEMA ST4	—	SCHEMA ST4 on-premises, all versions

Weakness (CWE)

CWE	Source	Description
CWE-862	cna	CWE-862 Missing Authorization

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.4	HIGH	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

References (1)

https://r.sec-consult.com/quanos