EUVD-2026-23163
GHSA-ppm7-9255-8gmf
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionNVD
WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed.
AnalysisAI
WinMatrix agent escalates privileges to SYSTEM without authentication, enabling authenticated local users to execute arbitrary code with full administrative control on both the local machine and all networked hosts where the agent is deployed. This environmental spread capability (CVSS scope change: H) transforms a local vulnerability into an enterprise-wide threat. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all WinMatrix agent deployments and document versions in use; immediately isolate or air-gap systems running versions 3.5.13-3.5.26.15 if business continuity permits. Within 7 days: Implement network segmentation to restrict lateral movement from WinMatrix-agent systems; deploy enhanced monitoring for privilege escalation attempts and SYSTEM-level process execution on affected hosts; contact WinMatrix vendor for patch timeline and interim guidance. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today