Skip to main content

Systrack Agent CVE-2026-35099

| EUVDEUVD-2026-17917 HIGH
Race Condition (CWE-362)
2026-04-01 mitre GHSA-jhjf-xmxj-grf3
7.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Re-analysis Queued
Apr 27, 2026 - 19:22 vuln.today
cvss_changed
Analysis Updated
Apr 16, 2026 - 06:09 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
11.2.1.28
EUVD ID Assigned
Apr 01, 2026 - 16:00 euvd
EUVD-2026-17917
Analysis Generated
Apr 01, 2026 - 16:00 vuln.today
CVE Published
Apr 01, 2026 - 15:39 nvd
HIGH 7.4

DescriptionCVE.org

Lakeside SysTrack Agent 11 before 11.2.1.28 has a race condition with resultant Local Privilege Escalation to SYSTEM.

AnalysisAI

Local privilege escalation to SYSTEM via race condition in Lakeside SysTrack Agent 11 (versions prior to 11.2.1.28) allows unauthenticated local attackers to gain complete system control through timing-dependent exploitation. EPSS risk assessment and KEV status not available at time of analysis; no public exploit identified at time of analysis. Attack complexity is rated high, requiring precise timing manipulation of concurrent operations.

Technical ContextAI

Lakeside SysTrack Agent is an endpoint monitoring solution that runs with SYSTEM privileges on Windows endpoints to collect performance and user experience data. This vulnerability stems from a race condition (CWE-362), a timing-dependent flaw where the security of an operation depends on the correct sequencing of events. In multi-threaded or multi-process environments, race conditions occur when the outcome depends on the non-deterministic ordering of operations, such as time-of-check to time-of-use (TOCTOU) flaws, improper synchronization of shared resources, or inadequate locking mechanisms. The affected component is cpe:2.3:a:lakeside_software:systrack_agent across all versions of the 11.x branch prior to 11.2.1.28. Since the agent operates with elevated SYSTEM-level privileges for system monitoring purposes, successful exploitation of the race condition allows an attacker to inherit or hijack these privileges, bypassing Windows security boundaries.

RemediationAI

Upgrade Lakeside SysTrack Agent to version 11.2.1.28 or later, which addresses the race condition vulnerability according to the vendor's hotfix release notes at https://documentation.lakesidesoftware.com/en/Content/Release%20Notes/Agent/11.2.1.28%20Hotfix%20Agent%20Release%20Notes.htm. Organizations should prioritize patching endpoints where multiple users have local access or where untrusted users may have console access. As an interim mitigation where immediate patching is not feasible, restrict local logon access to monitored endpoints to only trusted administrators, implement application control policies to prevent unauthorized code execution, and monitor for suspicious privilege escalation attempts in Windows security logs (Event ID 4672 for special privileges assigned to new logons). No workaround fully mitigates the vulnerability; upgrading to the patched version is the definitive remediation.

Share

CVE-2026-35099 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy