CVE-2026-37454
Awaiting Analysis Awaiting Analysis - Queue
Insecure Permissions in MSI NBFoundation Service Allows Information Disclosure

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: MITRE

Description
Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-26
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-37454
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
msi nbfoundation_service 2.0.2506.1201
msi nbfoundation_service to 2.0.2506.1201 (inc)
msi nbfoundation_service 2.0.70.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-37454 is a local privilege escalation vulnerability in MSI Center's MSI NBFoundation Service (MSIAPService.exe), which runs with NT AUTHORITY\SYSTEM privileges.

This vulnerability allows an authenticated, low-privileged local user to perform arbitrary read, write, or delete operations on the Windows registry under HKLM or HKCU without any caller authentication.

The flaw specifically affects the REG command group exposed via the named pipe \\.\pipe\MSI_SERVICE_2, which is accessible to all Authenticated Users.

An attacker exploiting this vulnerability can modify critical registry keys, such as those controlling system startup or services, potentially leading to system compromise or denial of service.

Impact Analysis

This vulnerability can allow a low-privileged authenticated user to escalate their privileges to SYSTEM level by modifying critical Windows registry keys.

An attacker could achieve persistence by altering startup keys, hijack services, or disrupt system operations, potentially leading to full system compromise or denial of service.

Detection Guidance

This vulnerability involves the MSI NBFoundation Service (MSIAPService.exe) allowing arbitrary registry operations via the named pipe \\.\pipe\MSI_SERVICE_2 accessible to all Authenticated Users.

To detect if your system is vulnerable, you can check the version of MSI Center / MSI NBFoundation Service installed. Versions up to and including 2.0.2506.1201 are affected.

You can also check for suspicious modifications in registry keys such as CurrentVersion\Run or CurrentControlSet\Services\* which might indicate exploitation attempts.

While no specific detection commands are provided, you may use the following general commands to check the service version and registry keys:

  • Check MSI NBFoundation Service version: Use PowerShell command `Get-ItemProperty 'HKLM:\Software\MSI\NBFoundationService'` or check the executable properties of MSIAPService.exe.
  • List named pipes and check access: Use Sysinternals' PipeList tool or PowerShell to enumerate named pipes and verify if \\.\pipe\MSI_SERVICE_2 exists.
  • Inspect registry keys for unauthorized changes: Use `reg query` commands, e.g., `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` and `reg query HKLM\SYSTEM\CurrentControlSet\Services`.
Mitigation Strategies

The primary and recommended mitigation is to upgrade MSI Center / MSI NBFoundation Service to the fixed version 2.0.70.0 or later through MSI's official update channel.

There is no configuration-only workaround available for the affected versions.

Compliance Impact

The provided information does not specify how the CVE-2026-37454 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-37454. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart