PT-2026-44171 · Acer · Nitrosense

Published

2026-05-28

·

Updated

2026-05-28

·

CVE-2026-9789

CVSS v4.0

8.5

High

VectorAV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Acer NitroSense versions prior to 3.01.3052
Description A Local Privilege Escalation issue exists in the PSAdminAgent service. The service creates a Named Pipe with a weak Access Control List (ACL), which is a set of permissions that defines who can access a specific object. This allows any authenticated local user to connect and send commands. Since the service fails to verify the caller's privileges before executing file deletion commands, a low-privileged local user can delete arbitrary files with system authority.
Recommendations Update to version 3.01.3052 or later.

Fix

LPE

Improper Access Control

Incorrect Permission

Improper Privilege Management

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-9789

Affected Products

Nitrosense