Winmatrix
Monthly
WinMatrix agent escalates privileges to SYSTEM without authentication, enabling authenticated local users to execute arbitrary code with full administrative control on both the local machine and all networked hosts where the agent is deployed. This environmental spread capability (CVSS scope change: H) transforms a local vulnerability into an enterprise-wide threat. Taiwan CERT issued advisories in January 2026 for versions 3.5.13 through 3.5.26.15. No public exploit identified at time of analysis, but CVSS 9.3 reflects catastrophic potential impact given the agent's privileged access and network propagation capability. EPSS data not available for new 2026 CVE.
WinMatrix agent escalates privileges to SYSTEM without authentication, enabling authenticated local users to execute arbitrary code with full administrative control on both the local machine and all networked hosts where the agent is deployed. This environmental spread capability (CVSS scope change: H) transforms a local vulnerability into an enterprise-wide threat. Taiwan CERT issued advisories in January 2026 for versions 3.5.13 through 3.5.26.15. No public exploit identified at time of analysis, but CVSS 9.3 reflects catastrophic potential impact given the agent's privileged access and network propagation capability. EPSS data not available for new 2026 CVE.