CVE Catalog

CVE-2026-8797

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges.

Risk Assessment

The risk involves potential full system compromise by an attacker, leading to data theft, malware installation, or disruption of IT infrastructure.

Recommendation

It is recommended to immediately apply patches provided by the vendor and restrict access to the ExpressUpdate Agent application to trusted users only.

Original NVD description (English source)

An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS