Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local elevation by an already-present low-privileged user (AV:L/PR:L/AC:L), no interaction, yielding full SYSTEM control of the host so C/I/A:H with unchanged scope.
Primary rating from Vendor (NEC).
CVSS VectorVendor: NEC
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges.
AnalysisAI
Local privilege escalation in NEC's ExpressUpdate Agent for Windows allows a low-privileged user who can already access the host to execute arbitrary code with SYSTEM privileges, owing to insufficient access controls on the agent. Reported by NEC under advisory NV26-004, the flaw carries a CVSS 4.0 base score of 8.5 (High) and maps to CWE-782 (exposed IOCTL with insufficient access control). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to already have local access with at least low-level privileges (PR:L) on a Windows host where ExpressUpdate Agent for Windows is installed and running; the description states 'if a malicious user gains access to the product,' so the agent must be present and reachable by the attacker's session. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are consistent in direction but indicate a locally-scoped rather than internet-facing risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a low-privileged local account on a Windows server running ExpressUpdate Agent - for example a standard user or a compromised low-tier service account - invokes the agent's insufficiently-protected privileged interface to run code of their choosing in the SYSTEM context, escalating from limited user to full host control. Because no user interaction is needed and attack complexity is low, the action is reliable once local access exists. … |
| Remediation | Apply the fix referenced in NEC security advisory NV26-004 (https://jpn.nec.com/security-info/secinfo/nv26-004_en.html); a patch is available per the vendor advisory, but the exact corrected version number is not stated in the provided data and should be confirmed directly from that advisory before deployment. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Windows systems with NEC ExpressUpdate Agent installed and document current user provisioning and local administrator assignments. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39623
GHSA-cxm7-54mf-pwwg