Description
WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed.
References (2)
Core 2
Core References
Third Party Advisory third-party-advisory
https://www.twcert.org.tw/tw/cp-132-10839-2d9a7-1.html
Third Party Advisory third-party-advisory
https://www.twcert.org.tw/en/cp-139-10840-ba9b9-2.html
Scores
CVSS v3
8.8
EPSS
0.0018
EPSS Percentile
7.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (1)
Simopro Technology/WinMatrix
3.5.13 - 3.5.26.15
Published
Apr 16, 2026
Tracked Since
Apr 16, 2026