PT-2026-53735
Jens Beimel · Published 2026-06-29 · Updated 2026-06-29
CVE-2026-57919
CVSS v3.1: 7.8 (High)
Vector: AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N
PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (\\.\pipe\PBackupVSS) with a DACL that grants GENERIC_READ and GENERIC_WRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigger execution of arbitrary commands with SYSTEM privileges via an untrusted search path. This allows privilege escalation by placing a malicious shadow.exe in a controlled working directory.
Fix
Incorrect Default Permissions
Untrusted Search Path
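A defender-side check for the first weakness described above, as an added example (not Matrix42 code and not part of the original advisory): it parses a security descriptor in SDDL form and reports allow ACEs that give broad groups such as Authenticated Users write access to a pipe. The SDDL strings are constructed samples, not the product's actual descriptor, and all function and constant names are hypothetical.

```python
import re

# Trustees that include ordinary low-privileged local users (SDDL alias or SID).
BROAD_TRUSTEES = {
    "WD": "Everyone", "S-1-1-0": "Everyone",
    "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
    "BU": "Builtin Users", "S-1-5-32-545": "Builtin Users",
    "IU": "Interactive", "S-1-5-4": "Interactive",
    "AN": "Anonymous", "S-1-5-7": "Anonymous",
}
# SDDL rights tokens that allow writing: GENERIC_ALL, GENERIC_WRITE,
# FILE_ALL_ACCESS, FILE_GENERIC_WRITE, and DC (bit 0x2, FILE_WRITE_DATA).
WRITE_TOKENS = {"GA", "GW", "FA", "FW", "DC"}
# The same idea for rights given as a hex access mask.
WRITE_MASK = 0x40000000 | 0x10000000 | 0x00000002

def grants_write(rights):
    """True if an SDDL rights field (token string or hex mask) permits writing."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & WRITE_MASK)
    tokens = {rights[i:i + 2] for i in range(0, len(rights), 2)}
    return bool(tokens & WRITE_TOKENS)

def risky_pipe_aces(sddl):
    """Return (trustee, rights) for allow ACEs giving broad groups write access.

    Narrow by design: only simple allow ACEs ("A") in the DACL are inspected;
    deny ACEs, conditional ACEs and a missing DACL are not evaluated.
    """
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    findings = []
    if not dacl:
        return findings
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        # ACE layout: type;flags;rights;object_guid;inherit_guid;account_sid
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":
            continue
        trustee = BROAD_TRUSTEES.get(fields[5])
        if trustee and grants_write(fields[2]):
            findings.append((trustee, fields[2]))
    return findings

# Constructed samples: a DACL shaped like the one described, and a restricted one.
WEAK_SDDL = "D:(A;;GRGW;;;AU)(A;;GA;;;SY)(A;;GA;;;BA)"
HARDENED_SDDL = "D:(A;;GA;;;SY)(A;;GA;;;BA)"

if __name__ == "__main__":
    for name, sddl in (("weak", WEAK_SDDL), ("hardened", HARDENED_SDDL)):
        print(name, risky_pipe_aces(sddl))
```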