PT-2026-52662 · Nec · Expressupdate Agent For Windows

Masahiro Iida

·

Published

2026-06-26

·

Updated

2026-06-26

·

CVE-2026-8797

CVSS v4.0

8.5

High

VectorAV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-782

Related Identifiers

CVE-2026-8797

Affected Products

Expressupdate Agent For Windows