CVE-2026-4606

Name of the Vulnerable Software and Affected Versions GV Edge Recording Manager version 2.3.1

Description The software improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. The software creates a Windows service that runs under the LocalSystem account, and related processes are spawned under SYSTEM privileges instead of the logged-in user's security context. Functions like 'Import Data' open Windows file dialogs with SYSTEM permissions, potentially enabling modification or deletion of protected system files and directories. Any function invoking Windows file open/save dialogs exposes the same risk, leading to local privilege escalation and potential full system compromise.

Recommendations Versions prior to 2.3.1 are recommended.