CVE-2026-4606
Deferred Deferred - Pending Action

Local Privilege Escalation in GV Edge ERM via SYSTEM-Level Service

Vulnerability report for CVE-2026-4606, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-23

Last updated on: 2026-05-19

Assigner: 0df08a0e-a200-4957-9bb0-084f562506f9

Description

GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.  During installation, ERM creates a Windows service that runs under the LocalSystem account.  When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.  Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.  Any ERM function invoking Windows file open/save dialogs exposes the same risk.  This vulnerability allows local privilege escalation and may result in full system compromise.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-23
Last Modified
2026-05-19
Generated
2026-07-07
AI Q&A
2026-03-23
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
gv_edge_recording_manager erm 2.3.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-250 The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

GV Edge Recording Manager (ERM) version 2.3.1 runs application components with SYSTEM-level privileges improperly. This means that any local user on the system can gain full control over the operating system.

During installation, ERM creates a Windows service that runs under the LocalSystem account. When the ERM application is launched, its related processes run with SYSTEM privileges instead of the logged-in user's security context.

Functions like 'Import Data' open Windows file dialogs that operate with SYSTEM permissions, allowing modification or deletion of protected system files and directories. Any ERM function that invokes Windows file open/save dialogs exposes this risk.

Overall, this vulnerability allows local privilege escalation and may lead to full system compromise.

Impact Analysis

This vulnerability can allow any local user to escalate their privileges to SYSTEM level, effectively gaining full control over the affected operating system.

With SYSTEM-level access, an attacker can modify or delete protected system files and directories, potentially leading to system instability, data loss, or unauthorized access to sensitive information.

The full system compromise risk means that attackers could install malware, create backdoors, or disrupt normal system operations.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4606. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart