Japan
サイト内の現在位置
Access Control Deficiency Vulnerability in ExpressUpdate Agent for Windows
Number: NV26-004
CVE: CVE-2026-8797
Overview
An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges.
Products Affected
ExpressUpdate Agent for Windows
Affected Version
ExpressUpdate Agent for Windows 3.24 and earlier
Solution
Please update to ExpressUpdate Agent for Windows version 3.25.
https://www.support.nec.co.jp/View.aspx?id=9010102102
References
CVE-2026-8797
https://www.cve.org/CVERecord?id=CVE-2026-8797
Credit
reported by LAC Co., Ltd. MASAHIRO IIDA for NEC-PSIRT.
Update
- 2026/06/26
-
First edition