EUVD-2026-22249

| CVE-2026-2450 HIGH
2026-04-14 upKeeper GHSA-xgq8-f73q-q3gm
Information Disclosure Upkeeper Instant Privilege Access
7.4
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Apr 14, 2026 - 15:25 vuln.today

DescriptionNVD

.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0.

AnalysisAI

Misconfigured .NET impersonation in upKeeper Instant Privilege Access through version 1.5.0 enables authenticated remote attackers to hijack privileged execution threads, leading to high confidentiality and integrity impact on underlying system resources. The vulnerability requires low-level privileges and presents network-based attack vector with high complexity. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all upKeeper Instant Privilege Access deployments and document current version across the environment. Within 7 days: Isolate or disable upKeeper instances running version 1.5.0 or earlier pending vendor guidance; contact upKeeper support to confirm patch availability and expected release timeline. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-22249 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy