PT-2026-44171 · Acer · Nitrosense
Published
2026-05-28
·
Updated
2026-05-28
·
CVE-2026-9789
CVSS v4.0
8.5
High
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Acer NitroSense versions prior to 3.01.3052
Description
A Local Privilege Escalation issue exists in the PSAdminAgent service. The service creates a Named Pipe with a weak Access Control List (ACL), which is a set of permissions that defines who can access a specific object. This allows any authenticated local user to connect and send commands. Since the service fails to verify the caller's privileges before executing file deletion commands, a low-privileged local user can delete arbitrary files with system authority.
Recommendations
Update to version 3.01.3052 or later.
Fix
LPE
Improper Access Control
Incorrect Permission
Improper Privilege Management
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Nitrosense