CVE-2026-9490
MEDIUMAcer Care Center creates a Named Pipe with a weak Security Descriptor
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2026-9490. PoCs published by ugvxb.
AI-analyzed exploit summary The repository contains a functional Python exploit for CVE-2026-9490, demonstrating a Denial of Service (DoS) attack against the Acer Care Center service (ACCSvc.exe) via a weakly secured Named Pipe. The exploit sends a crafted payload to crash the service, and the README provides detailed technical analysis of the vulnerability, including affected components, security descriptors, and binary analysis.
Description
A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message (message type 0x03) to the pipe, causing the service to crash with exit code 1067 (ERROR_PROCESS_ABORTED). To mitigate this potential local service disruption, Acer requires users to update the software to the latest version.
Exploits (1)
The repository contains a functional Python exploit for CVE-2026-9490, demonstrating a Denial of Service (DoS) attack against the Acer Care Center service (ACCSvc.exe) via a weakly secured Named Pipe. The exploit sends a crafted payload to crash the service, and the README provides detailed technical analysis of the vulnerability, including affected components, security descriptors, and binary analysis.
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H