Skip to main content

Schema St4

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-11858 HIGH This Week

Local privilege escalation in Quanos SCHEMA ST4 on-premises allows low-privileged authenticated Windows users to obtain SYSTEM-level code execution by abusing the Client Update Service. The service exposes a .NET Remoting endpoint over a named pipe with missing authorization checks (CWE-862), letting any local user invoke privileged Update() methods that perform arbitrary file write/delete as NT AUTHORITY\SYSTEM. No public exploit identified at time of analysis, but technical details were disclosed by SEC Consult (SEC-VLab).

Privilege Escalation Authentication Bypass Schema St4
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-11857 HIGH This Week

Local privilege escalation in Quanos SCHEMA ST4 on-premises allows an authenticated local user to gain NT AUTHORITY\SYSTEM by abusing insecure .NET Remoting deserialization in the Client Update Service. The endpoint, reachable through a local named pipe with TypeFilterLevel.Full, accepts attacker-controlled serialized objects and yields arbitrary code execution in the update process context. No public exploit identified at time of analysis, though a SEC-Consult/SEC-VLab advisory documents the issue.

Privilege Escalation Deserialization RCE Schema St4
NVD
CVSS 4.0
8.4
EPSS
0.3%
CVE-2026-11858
EPSS 0% CVSS 8.4
HIGH This Week

Local privilege escalation in Quanos SCHEMA ST4 on-premises allows low-privileged authenticated Windows users to obtain SYSTEM-level code execution by abusing the Client Update Service. The service exposes a .NET Remoting endpoint over a named pipe with missing authorization checks (CWE-862), letting any local user invoke privileged Update() methods that perform arbitrary file write/delete as NT AUTHORITY\SYSTEM. No public exploit identified at time of analysis, but technical details were disclosed by SEC Consult (SEC-VLab).

Privilege Escalation Authentication Bypass Schema St4
NVD
CVE-2026-11857
EPSS 0% CVSS 8.4
HIGH This Week

Local privilege escalation in Quanos SCHEMA ST4 on-premises allows an authenticated local user to gain NT AUTHORITY\SYSTEM by abusing insecure .NET Remoting deserialization in the Client Update Service. The endpoint, reachable through a local named pipe with TypeFilterLevel.Full, accepts attacker-controlled serialized objects and yields arbitrary code execution in the update process context. No public exploit identified at time of analysis, though a SEC-Consult/SEC-VLab advisory documents the issue.

Privilege Escalation Deserialization RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy