CVE-2026-3000
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Changing | IDExpert Windows Logon Agent | 2.7.3.230719 <= 2.8.4.250925 | affected |
Weaknesses
- CWE-494: CWE-494 Download of Code Without Integrity Check
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.twcert.org.tw/tw/cp-132-10740-b2eb2-1.html
- https://www.twcert.org.tw/en/cp-139-10741-daed4-2.html
- https://www.changingtec.com/news_detail.jsp?item_id=348
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.