CVE-2026-8797
HighCVSS 8.5Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges.
Risk Assessment
The risk involves potential full system compromise by an attacker, leading to data theft, malware installation, or disruption of IT infrastructure.
Recommendation
It is recommended to immediately apply patches provided by the vendor and restrict access to the ExpressUpdate Agent application to trusted users only.
Original NVD description (English source)
An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges.

