CVE-2026-1680
Unknown Unknown - Not Provided
Improper Access Control in Edgemo LocalAdminService Enables Privilege Escalation

Publication date: 2026-01-30

Last updated on: 2026-03-03

Assigner: National Cyber Security Centre Finland

Description
Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group membership restrictions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-30
Last Modified
2026-03-03
Generated
2026-06-16
AI Q&A
2026-01-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1680
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
danofficeit local_admin_service 1.2.7.23180
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-250 The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1680 is a local privilege escalation vulnerability in the Local Admin Service version 1.2.7.23180 by Edgemo (now Danoffice IT). The service has two components: a client application that enforces group membership restrictions before requesting elevation, and a high-privileged service that manages elevation requests via a WCF endpoint. The vulnerability exists because the service does not enforce group membership checks itself, allowing an attacker to bypass the client restrictions by directly communicating with the service's WCF endpoint. This lets any local user escalate their privileges to local administrator by invoking the elevation method directly. [1]

Compliance Impact

The provided resources do not contain information about how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability allows any local user on a Windows machine running the affected Local Admin Service to escalate their privileges to local administrator without proper authorization. This can lead to unauthorized administrative access, enabling the attacker to install software, change system settings, access sensitive data, or further compromise the system and network security. [1]

Detection Guidance

This vulnerability can be detected by checking if the LocalAdminService.exe WCF endpoint at net.pipe://localhost/Elevation is accessible and if unauthorized users can invoke the Elevate method to gain administrator privileges. Since the vulnerability involves bypassing client-side group membership checks by directly communicating with the named pipe, detection involves monitoring or attempting to connect to this named pipe endpoint. A practical approach is to use PowerShell or other tools to attempt to connect to the named pipe and invoke the Elevate method, or to check if unauthorized users have been added to the local administrators group unexpectedly. Specific commands are not provided in the resources, but creating or using a proof-of-concept client to test the endpoint is suggested. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the LocalAdminService.exe named pipe (net.pipe://localhost/Elevation) to trusted users only, monitoring and auditing local administrator group membership changes, and limiting local user permissions to prevent unauthorized communication with the service. Since no patch or remediation has been provided by Danoffice IT, organizations should consider disabling or uninstalling the Local Admin Service if possible, or applying strict access controls at the OS level to prevent exploitation. Additionally, reviewing and enforcing organizational policies regarding local privilege elevation requests is recommended. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1680. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart