CVE-2026-0828
Awaiting Analysis Awaiting Analysis - Queue

Buffer Overflow in Safetica ProcessMonitorDriver.sys

Vulnerability report for CVE-2026-0828, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: CERT/CC

Description

Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
safetica endpoint_client 10.5.75.0
safetica endpoint_client 11.11.4.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability exists in Safetica's endpoint client kernel driver ProcessMonitorDriver.sys in versions 10.5.75.0 and 11.11.4.0. It allows an unprivileged local user to exploit an insecure IOCTL (Input/Output Control) path to terminate protected system processes.

This flaw arises from improper input sanitization and user validation, enabling privilege escalation and denial-of-service attacks by terminating arbitrary system processes with elevated privileges.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious IOCTL requests targeting the ProcessMonitorDriver.sys kernel driver in Safetica's endpoint client. Since the flaw involves abuse of an insecure IOCTL path, observing unusual or unauthorized IOCTL calls can indicate exploitation attempts.

Deploying endpoint detection and response (EDR) tools is recommended to help identify and alert on such suspicious activities.

Specific commands are not provided in the available resources, but monitoring tools that track IOCTL calls or process termination events related to ProcessMonitorDriver.sys would be effective.

Impact Analysis

An attacker exploiting this vulnerability can repeatedly terminate critical system processes, which can disrupt Safetica's security monitoring and potentially render systems unavailable.

This can lead to denial-of-service conditions and compromise the security posture of affected systems by disabling protection mechanisms.

  • Disruption of security monitoring
  • Denial-of-service attacks
  • Potential privilege escalation
Compliance Impact

The vulnerability in Safetica's endpoint client allows unprivileged users to terminate protected system processes, potentially disrupting Safetica's security monitoring and protection mechanisms.

Since Safetica's platform includes compliance reporting features for regulations such as GDPR and HIPAA, this vulnerability could impair the effectiveness of those compliance controls by enabling denial-of-service attacks or privilege escalation that undermine data protection and insider risk management.

Therefore, the vulnerability may increase regulatory risks by weakening the enforcement of security policies and reducing the reliability of compliance-related monitoring and reporting.

Mitigation Strategies

Immediate mitigation steps include monitoring for suspicious IOCTL requests and deploying endpoint detection and response tools to detect exploitation attempts.

Enforce policy-based restrictions such as Windows Group Policy or Application Control to block unauthorized access to the vulnerable ProcessMonitorDriver.sys driver.

As of the publication date, no vendor-provided fix is available, so these mitigations are critical to reduce risk.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0828. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart