CVE-2026-11858
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated low-privileged user can connect to the interface and invoke privileged update methods such as Update(). This allows arbitrary file write and delete operations with SYSTEM privileges and can be used to achieve local privilege escalation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Quanos Solutions GmbH | SCHEMA ST4 | SCHEMA ST4 on-premises, all versions | affected |
Weaknesses
- CWE-862: CWE-862 Missing Authorization
Workarounds
Disable the Client Update Service until a fix is provided. Restrict local interactive access to systems running SCHEMA ST4 on-premises. Apply the principle of least privilege to local user accounts and prevent untrusted users from obtaining local sessions on affected hosts. Ensure that only trusted administrators can perform client updates manually.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.