Severity by source
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
7DescriptionCVE.org
Lakeside SysTrack Agent 11 before 11.2.1.28 has a race condition with resultant Local Privilege Escalation to SYSTEM.
AnalysisAI
Local privilege escalation to SYSTEM via race condition in Lakeside SysTrack Agent 11 (versions prior to 11.2.1.28) allows unauthenticated local attackers to gain complete system control through timing-dependent exploitation. EPSS risk assessment and KEV status not available at time of analysis; no public exploit identified at time of analysis. Attack complexity is rated high, requiring precise timing manipulation of concurrent operations.
Technical ContextAI
Lakeside SysTrack Agent is an endpoint monitoring solution that runs with SYSTEM privileges on Windows endpoints to collect performance and user experience data. This vulnerability stems from a race condition (CWE-362), a timing-dependent flaw where the security of an operation depends on the correct sequencing of events. In multi-threaded or multi-process environments, race conditions occur when the outcome depends on the non-deterministic ordering of operations, such as time-of-check to time-of-use (TOCTOU) flaws, improper synchronization of shared resources, or inadequate locking mechanisms. The affected component is cpe:2.3:a:lakeside_software:systrack_agent across all versions of the 11.x branch prior to 11.2.1.28. Since the agent operates with elevated SYSTEM-level privileges for system monitoring purposes, successful exploitation of the race condition allows an attacker to inherit or hijack these privileges, bypassing Windows security boundaries.
RemediationAI
Upgrade Lakeside SysTrack Agent to version 11.2.1.28 or later, which addresses the race condition vulnerability according to the vendor's hotfix release notes at https://documentation.lakesidesoftware.com/en/Content/Release%20Notes/Agent/11.2.1.28%20Hotfix%20Agent%20Release%20Notes.htm. Organizations should prioritize patching endpoints where multiple users have local access or where untrusted users may have console access. As an interim mitigation where immediate patching is not feasible, restrict local logon access to monitored endpoints to only trusted administrators, implement application control policies to prevent unauthorized code execution, and monitor for suspicious privilege escalation attempts in Windows security logs (Event ID 4672 for special privileges assigned to new logons). No workaround fully mitigates the vulnerability; upgrading to the patched version is the definitive remediation.
More in Systrack Agent
View allSame weakness CWE-362 – Race Condition
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17917
GHSA-jhjf-xmxj-grf3