CVE-2026-9789
Local Privilege Escalation in Acer NitroSense
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| acer | nitrosense | to 3.01.3052 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can allow a low-privileged local user to escalate their privileges to system level by deleting arbitrary files with system authority. This can lead to system instability, data loss, or compromise of system integrity.
Can you explain this vulnerability to me?
This vulnerability is a Local Privilege Escalation (LPE) issue in Acer NitroSense software versions before 3.01.3052. It arises because the PSAdminAgent service creates a Named Pipe with a weak Access Control List (ACL), allowing any authenticated local user to connect and send commands.
Since the service does not verify the caller's privileges before executing file deletion commands, a low-privileged user can exploit this flaw to delete arbitrary files with system-level authority.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the PSAdminAgent service creating a Named Pipe with a weak Access Control List (ACL) that allows any authenticated local user to connect and send commands.
To detect this vulnerability on your system, you can check for the presence of the PSAdminAgent service and inspect the permissions of its Named Pipe.
For example, on a Windows system, you can use the following commands:
- Use 'sc query PSAdminAgent' to verify if the PSAdminAgent service is running.
- Use 'handle.exe -a | findstr PSAdminAgent' (from Sysinternals) to find Named Pipes related to PSAdminAgent.
- Use 'icacls' on the Named Pipe path to check its ACL permissions.
If the Named Pipe has weak ACLs allowing access to low-privileged users, the system is vulnerable.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update Acer NitroSense software to version 3.01.3056 or later, where this vulnerability is resolved.
Until the update can be applied, restrict access to the PSAdminAgent service and its Named Pipe by tightening ACL permissions to prevent low-privileged users from connecting.
Additionally, monitor and audit local user activities to detect any suspicious attempts to exploit this vulnerability.
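The ACL check and the tightened ACL described above can be compared with the following added example, which is not Acer's code or part of the original page. It assumes you have already exported the pipe's security descriptor as an SDDL string with your own tooling; the function name `Find-BroadPipeWriteAce` is hypothetical and both SDDL strings are constructed samples.

```powershell
# Added example (not Acer's code). Both SDDL strings below are constructed samples.
function Find-BroadPipeWriteAce {
    param([Parameter(Mandatory)][string]$Sddl)

    # Principals that include ordinary, low-privileged local users.
    $broad = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-4'      = 'INTERACTIVE'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }
    # Bits that let a client write to the pipe:
    # FILE_WRITE_DATA, GENERIC_WRITE, GENERIC_ALL.
    $writeMask = 0x2 -bor 0x40000000 -bor 0x10000000

    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Sddl)
    if ($null -eq $sd.DiscretionaryAcl) {
        # No DACL at all means every caller is granted full access.
        return [pscustomobject]@{ Principal = '(no DACL)'; AccessMask = 'all' }
    }
    foreach ($ace in $sd.DiscretionaryAcl) {
        # Only Allow ACEs grant access; skip deny, audit and callback entries.
        if ($ace.AceType -ne [System.Security.AccessControl.AceType]::AccessAllowed) { continue }
        $sid = $ace.SecurityIdentifier.Value
        if ($broad.ContainsKey($sid) -and ($ace.AccessMask -band $writeMask)) {
            [pscustomobject]@{
                Principal  = $broad[$sid]
                AccessMask = '0x{0:X8}' -f $ace.AccessMask
            }
        }
    }
}

# Constructed weak descriptor: SYSTEM and Administrators full control,
# plus read/write for Authenticated Users.
$weak  = 'D:(A;;0x1f019f;;;SY)(A;;0x1f019f;;;BA)(A;;0x12019b;;;AU)'
# Constructed tightened descriptor: SYSTEM and Administrators only.
$tight = 'D:(A;;0x1f019f;;;SY)(A;;0x1f019f;;;BA)'

Find-BroadPipeWriteAce -Sddl $weak
Find-BroadPipeWriteAce -Sddl $tight
```

Any row returned means a principal covering low-privileged users holds write access to the pipe; an empty result for a descriptor means no such entry was found in it.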
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how this Local Privilege Escalation vulnerability in Acer NitroSense software affects compliance with common standards and regulations such as GDPR or HIPAA.