CVE-2026-0539
Description
Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\SYSTEM privileges on boot. This issue affects all versions after 22.6.22.1329 and was fixed in 25.12.3.1745.
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2026-0539? +
How do I check if I'm vulnerable to CVE-2026-0539? +
Related Vulnerabilities
Incorrect default permissions for some Intel(R) NPU Driver software installers before version 32.0.100.4511 within Ring 3: User Applications may allow …
Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin …
The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This …
The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default …
MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the …
On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible …