CVE-2025-26850

CRITICAL

Quest KACE SMA <14.0.97, <14.1.19 - Privilege Escalation

Title source: llm

Description

The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 potentially allows privilege escalation on managed systems.

References (1)

Core 1

Core References

Various Sources

https://support.quest.com/kb/4378559/quest-response-to-kace-sma-agent-vulnerability-cve-2025-26850

Scores

CVSS v3 9.3

EPSS 0.0016

EPSS Percentile 5.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-863

Status published

Products (2)

Quest/KACE Systems Management Appliance < 14.0.97

Quest/KACE Systems Management Appliance 14.1.0 - 14.1.19

Published Jul 05, 2025

Tracked Since Feb 18, 2026