{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0539", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "state": "PUBLISHED", "assignerShortName": "NCSC.ch", "dateReserved": "2025-12-23T13:06:22.032Z", "datePublished": "2026-04-22T13:02:01.750Z", "dateUpdated": "2026-04-22T14:09:01.708Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2026-04-22T13:02:01.750Z"}, "title": "Local Privilege Escalation in pcvisit service client", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "affected": [{"vendor": "pcvisit", "product": "pcvisit Remote Host Modul", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "22.6.22.1329", "lessThan": "25.12.3.1745", "versionType": "custom"}, {"status": "unaffected", "version": "0", "lessThan": "22.6.22.1329", "versionType": "custom"}, {"status": "unaffected", "version": "25.12.3.1745"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\\SYSTEM privileges on boot. This issue affects all versions after\u00a022.6.22.1329 and was fixed in 25.12.3.1745.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\\SYSTEM privileges on boot. This issue affects all versions after 22.6.22.1329 and was fixed in 25.12.3.1745."}]}], "references": [{"url": "https://www.pcvisit.de/kundenbereich/release-notes", "tags": ["release-notes"]}, {"url": "https://labs.infoguard.ch/advisories/cve-2026-0539_pcvisit_local-privilege-escalation/", "tags": ["third-party-advisory", "technical-description"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.5, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T14:06:45.464940Z", "id": "CVE-2026-0539", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T14:09:01.708Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0539", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "state": "PUBLISHED", "assignerShortName": "NCSC.ch", "dateReserved": "2025-12-23T13:06:22.032Z", "datePublished": "2026-04-22T13:02:01.750Z", "dateUpdated": "2026-04-22T14:09:01.708Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2026-04-22T13:02:01.750Z"}, "title": "Local Privilege Escalation in pcvisit service client", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "affected": [{"vendor": "pcvisit", "product": "pcvisit Remote Host Modul", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "22.6.22.1329", "lessThan": "25.12.3.1745", "versionType": "custom"}, {"status": "unaffected", "version": "0", "lessThan": "22.6.22.1329", "versionType": "custom"}, {"status": "unaffected", "version": "25.12.3.1745"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\\SYSTEM privileges on boot. This issue affects all versions after\u00a022.6.22.1329 and was fixed in 25.12.3.1745.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\\SYSTEM privileges on boot. This issue affects all versions after 22.6.22.1329 and was fixed in 25.12.3.1745."}]}], "references": [{"url": "https://www.pcvisit.de/kundenbereich/release-notes", "tags": ["release-notes"]}, {"url": "https://labs.infoguard.ch/advisories/cve-2026-0539_pcvisit_local-privilege-escalation/", "tags": ["third-party-advisory", "technical-description"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.5, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0539", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-22T14:06:45.464940Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T14:08:57.176Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\\SYSTEM privileges on boot. This issue affects all versions after\u00a022.6.22.1329 and was fixed in 25.12.3.1745."}], "id": "CVE-2026-0539", "lastModified": "2026-04-22T14:16:30.317", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}, "published": "2026-04-22T14:16:30.317", "references": [{"source": "vulnerability@ncsc.ch", "url": "https://labs.infoguard.ch/advisories/cve-2026-0539_pcvisit_local-privilege-escalation/"}, {"source": "vulnerability@ncsc.ch", "url": "https://www.pcvisit.de/kundenbereich/release-notes"}], "sourceIdentifier": "vulnerability@ncsc.ch", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T15:02:28.812205+00:00", "value": {"mitigation_remediation": ["Upgrade the pcvisit Remote Host Modul to version 25.12.3.1745 or later, which removes the insecure permission setting.", "If upgrading is not immediately possible, restrict write permissions on the service binary and its containing folder so that only administrators can modify them.", "If none of the above actions can be performed, stop or disable the pcvisit service to prevent any privilege escalation via the binary."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Affected are pcvisit Remote Host Modul installations on Windows that include versions newer than 22.6.22.1329. The issue was resolved in version 25.12.3.1745 and later.", "description_and_impact": "The flaw is an incorrect default permission setting on the pcvisit service binary installed on Windows. A local user who is not privileged can overwrite that binary with arbitrary contents. When Windows starts the machine, the service binary is automatically started with NT\\SYSTEM privileges; therefore, a compromised binary grants the attacker complete control over the system.", "risk_and_exploitability": "The CVSS score of 8.5 indicates a high impact vulnerability. Although no EPSS value is available, the vulnerability is not in the CISA KEV catalog. The attack vector is local; a low\u2011privileged user who can write to the file system can take advantage of the misconfigured permissions. Once the attacker replaces the binary, the malicious code will execute under SYSTEM level, giving full system compromise."}}}}, "created": "2026-04-22T15:15:16.414363+00:00", "updated": "2026-04-22T15:15:16.414379+00:00", "vendors": []}