CVE-2026-29923

HIGH

EnTech Taiwan PowerStrip <=3.90.736 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2026-29923. PoCs published by Smarttfoxx, mein-0, athenasec16.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2026-29923, a local privilege escalation vulnerability in the pstrip64.sys kernel driver. The vulnerability allows arbitrary physical memory mapping via an exposed IOCTL, enabling attackers to escalate privileges to SYSTEM by modifying kernel structures.

Description

The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures.

Exploits (3)

nomisec WRITEUP 2 stars
by Smarttfoxx · poc
https://github.com/Smarttfoxx/CVE-2026-29923

This repository provides a detailed technical analysis of CVE-2026-29923, a local privilege escalation vulnerability in the pstrip64.sys kernel driver. The vulnerability allows arbitrary physical memory mapping via an exposed IOCTL, enabling attackers to escalate privileges to SYSTEM by modifying kernel structures.

Classification
Writeup 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pstrip64.sys kernel driver
No auth needed
Prerequisites: Access to the vulnerable driver · Low-privileged user access
devstral-2 · analyzed Apr 10, 2026 Full analysis →
github WORKING POC
by mein-0 · cpoc
https://github.com/mein-0/cve-2026-29923

This repository contains a functional exploit for CVE-2026-29923, a local privilege escalation vulnerability in the pstrip64.sys driver (EnTech Taiwan PowerStrip ≤ 3.90.736). The exploit leverages an unrestricted physical memory read/write primitive to overwrite the token of the current process with the SYSTEM token, thereby escalating privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: EnTech Taiwan PowerStrip ≤ 3.90.736
No auth needed
Prerequisites: Driver must be loaded (requires admin privileges to load, but not to exploit once loaded)
devstral-2 · analyzed May 25, 2026 Full analysis →
nomisec WORKING POC
by athenasec16 · poc
https://github.com/athenasec16/CVE-2026-29923

This repository contains a functional exploit PoC for CVE-2026-29923, demonstrating a local privilege escalation (LPE) via physical memory manipulation through a vulnerable driver. The code maps physical memory to locate and modify process tokens, enabling privilege escalation.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: PSTRIP64 driver (version not specified)
No auth needed
Prerequisites: Driver must be loaded · Local access to the system
devstral-2 · analyzed Apr 10, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.8
EPSS 0.0001
EPSS Percentile 3.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-269
Status published
Published Apr 09, 2026
Tracked Since Apr 10, 2026