CVE Catalog

CVE-2026-37452

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile - higher than 32% of all known CVEs

Summary

An insecure permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSIAPService.exe component.

Risk Assessment

The organization is at risk of sensitive data leakage, which could be used for further attacks or identity theft.

Recommendation

Immediately update MSI NBFoundation Service to the latest version and restrict access to the MSIAPService.exe component through appropriate firewall rules.

Original NVD description (English source)

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSIAPService.exe component

Vulnerability data from NVD (NIST) · CISA KEV · EPSS