Vulnerability Report

CVE-2026-9789

Title: Local Privilege Escalation in Acer NitroSense

Auth Bypass

Proof Of Concept

PoC Available for CVE-2026-9789

CWE Category CWE-22
Published Date May 28, 2026
Modified Date May 28, 2026
Exploit Status Available
Score 8.5 CVSS v4.0
Exploit Probability (EPSS)
0.11%

Vulnerability Summary

CVE-2026-9789: A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL). This allows any authenticated local user to connect and send commands. Because the service does not check the caller's privileges before running file deletion commands, a low-privileged local user can exploit this to delete arbitrary files with system authority.

Impacted Vendors

Analysis in Progress...

Reference Links

https://community.acer.com/en/kb/articles/19670
CVSS v4.0
Source Entity 8fc372e3-d9c5-46e4-9410-38469745c639
Severity HIGH
8.5
Attack Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
N/A
RAW VECTOR CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2026-9789 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/ugvxb/CVE-2026-9789
View Code
MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

Attack Vector Matrix

Access Vector LOCAL
Complexity LOW
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Stack

No specific products linked.