Skip to main content

ExpressUpdate Agent EUVDEUVD-2026-39623

| CVE-2026-8797 HIGH
Exposed IOCTL with Insufficient Access Control (CWE-782)
2026-06-26 NEC GHSA-cxm7-54mf-pwwg
8.5
CVSS 4.0 · Vendor: NEC
Share

Severity by source

Vendor (NEC) PRIMARY
8.5 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.8 HIGH

Local elevation by an already-present low-privileged user (AV:L/PR:L/AC:L), no interaction, yielding full SYSTEM control of the host so C/I/A:H with unchanged scope.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (NEC).

CVSS VectorVendor: NEC

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 26, 2026 - 05:15 vuln.today
CVE Published
Jun 26, 2026 - 04:14 cve.org
HIGH 8.5

DescriptionCVE.org

An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges.

AnalysisAI

Local privilege escalation in NEC's ExpressUpdate Agent for Windows allows a low-privileged user who can already access the host to execute arbitrary code with SYSTEM privileges, owing to insufficient access controls on the agent. Reported by NEC under advisory NV26-004, the flaw carries a CVSS 4.0 base score of 8.5 (High) and maps to CWE-782 (exposed IOCTL with insufficient access control). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged local foothold
Delivery
Locate running ExpressUpdate Agent interface
Exploit
Invoke exposed privileged IOCTL/endpoint
Execution
Execute attacker code as SYSTEM
Impact
Full host compromise

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to already have local access with at least low-level privileges (PR:L) on a Windows host where ExpressUpdate Agent for Windows is installed and running; the description states 'if a malicious user gains access to the product,' so the agent must be present and reachable by the attacker's session. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are consistent in direction but indicate a locally-scoped rather than internet-facing risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a low-privileged local account on a Windows server running ExpressUpdate Agent - for example a standard user or a compromised low-tier service account - invokes the agent's insufficiently-protected privileged interface to run code of their choosing in the SYSTEM context, escalating from limited user to full host control. Because no user interaction is needed and attack complexity is low, the action is reliable once local access exists. …
Remediation Apply the fix referenced in NEC security advisory NV26-004 (https://jpn.nec.com/security-info/secinfo/nv26-004_en.html); a patch is available per the vendor advisory, but the exact corrected version number is not stated in the provided data and should be confirmed directly from that advisory before deployment. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Windows systems with NEC ExpressUpdate Agent installed and document current user provisioning and local administrator assignments. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39623 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy