Description
Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64, versions 10.5.75.0 and 11.11.4.0, allows an unprivileged user to abuse an IOCTL path and terminate protected system processes.
Published: 2026-06-26
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Kernel driver ProcessMonitorDriver.sys in Safetica Endpoint Client x64 versions 10.5.75.0 and 11.11.4.0 contains an improperly validated IOCTL handler that allows an unprivileged local user to send a crafted request. The flaw is an instance of CWE‑269.

Affected Systems

Safetica Endpoint Client, x64, versions 10.5.75.0 and 11.11.4.0. The vulnerability exists in the kernel driver ProcessMonitorDriver.sys. No other affected products are listed.

Risk and Exploitability

The EPSS score is not available, and the vulnerability is not currently listed in CISA's KEV catalog. Based on the description, it is inferred that the attack vector requires local, unprivileged access, so exploitation depends on the attacker having physical or remote local control of the machine. With the documented ability to kill critical processes, even a low‑entropy attack could cause significant disruption. The CVSS score of 7.5 indicates medium‑high severity, and the potential impact and requirement for privileged operation suggest a significant risk. The lack of a publicly available exploit does not reduce the importance of mitigating the flaw promptly.

Generated by OpenCVE AI on June 26, 2026 at 19:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Safetica Endpoint Client release that addresses the IOCTL validation bug.
  • If upgrading is not immediately possible, disable or remove the ProcessMonitorDriver.sys driver and any associated services to prevent the abuse vector.
  • On affected systems, enable process monitoring and alerts for unexpected termination of critical system processes to detect and respond to abuse attempts.

Generated by OpenCVE AI on June 26, 2026 at 19:52 UTC.

Advisories

No advisories yet.

References
Link Providers
https://www.safetica.com/
History

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269

Fri, 26 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Description Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes.
Title Kernel driver vulnerability in Safetica Endpoint Client
References

MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-06-26T17:33:16.746Z

Reserved: 2026-01-09T19:21:20.617Z

Link: CVE-2026-0828

Vulnrichment

Updated: 2026-06-26T15:50:43.484Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T20:00:05Z

Weaknesses

No weakness.