CVE-2026-8069
Local Privilege Escalation in PredatorSense
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| acer | predatorsense | From 3.00.3136 (inc) to 3.00.3196 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability allows an attacker who has local authenticated access to the system to execute arbitrary code with the highest system privileges (NT AUTHORITY\SYSTEM). This means the attacker can fully control the affected system, including deleting any files, potentially leading to system compromise, data loss, or disruption of services.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this Local Privilege Escalation vulnerability in PredatorSense versions before 3.00.3196, users should upgrade to PredatorSense version 3.00.3198 or later.
The updated version resolves the misconfigured Windows Named Pipe issue that allows arbitrary code execution with SYSTEM privileges.
Users are advised to download and install the fixed version from the Acer Support website as soon as possible.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows any authenticated local user to execute arbitrary code with SYSTEM privileges and delete arbitrary files, which can lead to unauthorized access and potential data breaches.
Such unauthorized privilege escalation and potential data manipulation could negatively impact compliance with standards and regulations like GDPR and HIPAA, which require strict controls over access to sensitive data and system integrity.
However, the provided information does not explicitly describe the direct impact on compliance with these standards.
Can you explain this vulnerability to me?
PredatorSense versions 3.00.3136 to 3.00.3196 have a Local Privilege Escalation (LPE) vulnerability caused by a misconfigured Windows Named Pipe. This Named Pipe uses a custom protocol to invoke internal functions but is improperly set up, allowing any authenticated local user to execute arbitrary code or delete files with SYSTEM-level privileges.