Skip to main content

Winmatrix EUVDEUVD-2026-23163

| CVE-2026-6348 CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-04-16 twcert GHSA-ppm7-9255-8gmf
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

8
Analysis Updated
Apr 16, 2026 - 03:43 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 16, 2026 - 03:34 vuln.today
cvss_changed
Severity Changed
Apr 16, 2026 - 03:34 NVD
HIGH CRITICAL
CVSS changed
Apr 16, 2026 - 03:34 NVD
8.8 (HIGH) 9.3 (CRITICAL)
Analysis Generated
Apr 16, 2026 - 02:51 vuln.today
EUVD ID Assigned
Apr 16, 2026 - 02:45 euvd
EUVD-2026-23163
Analysis Generated
Apr 16, 2026 - 02:45 vuln.today
CVE Published
Apr 16, 2026 - 01:53 nvd
CRITICAL 9.3

DescriptionCVE.org

WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed.

AnalysisAI

WinMatrix agent escalates privileges to SYSTEM without authentication, enabling authenticated local users to execute arbitrary code with full administrative control on both the local machine and all networked hosts where the agent is deployed. This environmental spread capability (CVSS scope change: H) transforms a local vulnerability into an enterprise-wide threat. Taiwan CERT issued advisories in January 2026 for versions 3.5.13 through 3.5.26.15. No public exploit identified at time of analysis, but CVSS 9.3 reflects catastrophic potential impact given the agent's privileged access and network propagation capability. EPSS data not available for new 2026 CVE.

Technical ContextAI

WinMatrix is an endpoint management agent developed by Simopro Technology, operating with SYSTEM-level privileges to perform administrative tasks across enterprise environments. The vulnerability stems from CWE-306 (Missing Authentication for Critical Function), meaning privileged operations within the agent lack proper authentication checks. The CVSS 4.0 vector confirms local attack vector (AV:L) but critically includes High impact to Subsequent system Confidentiality/Integrity/Availability (SC:H/SI:H/SA:H), indicating scope change - the attacker gains control beyond the initially compromised component. CPE identifies the vulnerable product as cpe:2.3:a:simopro_technology:winmatrix affecting versions 3.5.13 through 3.5.26.15 per EUVD data. Management agents typically expose APIs, IPC mechanisms, or configuration interfaces; missing authentication on these channels allows low-privileged users to inject commands that execute with the agent's SYSTEM context, then propagate through the agent's network communication pathways to other managed endpoints.

RemediationAI

Immediately upgrade WinMatrix agent to version 3.5.26.16 or later if available per vendor guidance, though specific patch version is not confirmed in TWCERT advisories - consult Simopro Technology support portal or contact vendor directly for validated patched release. Review TWCERT advisories at https://www.twcert.org.tw/en/cp-139-10840-ba9b9-2.html for vendor-specific remediation instructions. Until patching completes, implement compensating controls with understanding of operational impact: restrict local interactive logon to WinMatrix-managed systems using Windows Group Policy or equivalent, limiting exposure to domain administrators only (reduces attacker pool but may disrupt legitimate user workflows); apply application control policies via AppLocker or similar to prevent unauthorized process execution in WinMatrix installation directories (may block legitimate administrative tools if misconfigured); enable aggressive process monitoring and EDR alerting for child processes spawned by WinMatrix agent service with SYSTEM privileges executing unexpected binaries; segment WinMatrix management network traffic using VLANs or firewall rules to contain potential lateral movement (requires network architecture changes and may break centralized management features). Audit all systems for unauthorized SYSTEM-level activity since deployment of vulnerable versions. Given the authentication bypass nature, network-level controls provide minimal protection - prioritize rapid patching over workarounds.

Share

EUVD-2026-23163 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy