CVE-2026-35099

Summary

Lakeside SysTrack Agent 11 before 11.5.0.15 has a race condition with resultant local privilege escalation to SYSTEM. The fixed versions are 11.2.1.28, 11.3.0.38, 11.4.0.24, and 11.5.0.15.

Affected Software

VendorProductVersion RangeStatus
Lakeside SoftwareSysTrack Agent11 < 11.2.1.28affected
Lakeside SoftwareSysTrack Agent11.3 < 11.3.0.38affected
Lakeside SoftwareSysTrack Agent11.4 < 11.4.0.24affected
Lakeside SoftwareSysTrack Agent11.5 < 11.5.0.15affected

Weaknesses

  • CWE-362: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References