CVE-2026-6348
9.3
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Simopro Technology | WinMatrix | 3.5.13 <= 3.5.26.15 | affected |
Weaknesses
- CWE-306: CWE-306 Missing authentication for critical function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.twcert.org.tw/tw/cp-132-10839-2d9a7-1.html
- https://www.twcert.org.tw/en/cp-139-10840-ba9b9-2.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.