CVE-2026-0539 HIGH

CVE-2026-0539: Local Privilege Escalation in pcvisit service client

Vendor Pcvisit
Product pcvisit Remote Host Modul
Weakness CWE-276
Published April 22, 2026
Last update April 22, 2026

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\SYSTEM privileges on boot. This issue affects all versions after 22.6.22.1329 and was fixed in 25.12.3.1745.

Key dates

02Disclosure timeline

April 22, 2026 CVE published
April 22, 2026 Record updated