Back to overview

CVE-2026-57919

HIGH
7.8
CVSS 3.1
Description
PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (\\.\pipe\PBackupVSS) with a DACL that grants GENERIC_READ and GENERIC_WRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigger execution of arbitrary commands with SYSTEM privileges via an untrusted search path. This allows privilege escalation by placing a malicious shadow.exe in a controlled working directory.

Metadata

CVE ID
CVE-2026-57919
State
PUBLISHED
Assigner
mitre
Reserved
2026-06-26 00:00 UTC
Published
2026-06-29 00:00 UTC
Last updated
2026-06-29 20:44 UTC
Primary CWE
CWE-276
CWE-276 Incorrect Default Permissions
Vendor / Product
n/a / n/a
Sources
cve.org  ·  NVD

Severity & Metrics

7.8 HIGH CVSS 3.1
CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
n/a n/a n/a
Weakness (CWE)
CWESourceDescription
cna n/a
CWE-276 adp CWE-276 Incorrect Default Permissions
CWE-426 adp CWE-426 Untrusted Search Path
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.8 HIGH 3.1 cna CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N
Back to overview