Back to search
CVE-2026-0539
Published: Apr 22, 2026
Modified: Apr 22, 2026
PUBLISHED
Description
Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\SYSTEM privileges on boot. This issue affects all versions after 22.6.22.1329 and was fixed in 25.12.3.1745.
| Vendor | Product | Versions |
|---|---|---|
pcvisit | pcvisit Remote Host Modul | affected 22.6.22.1329 - < 25.12.3.1745unaffected 0 - < 22.6.22.1329unaffected 25.12.3.1745 |
Weaknesses (CWE)
References
https://www.pcvisit.de/kundenbereich/release-notes
release-notes
https://labs.infoguard.ch/advisories/cve-2026-0539_pcvisit_local-privilege-escalation/
third-party-advisory
technical-description
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now