CVE-2026-8797

Summary

An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges.

Affected Software

VendorProductVersion RangeStatus
NEC CorporationExpressUpdate Agent for Windows3.24 and prioraffected

Weaknesses

  • CWE-782: CWE-782: Exposed IOCTL with Insufficient Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References