Description
Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable remote code execution. This result may potentially occur via network access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (low) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Published: 2026-05-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper access control in Intel Vision software allows an unauthenticated attacker to run arbitrary code and potentially cause a denial of service. The flaw can let unprivileged software exploit the system from any location, impacting confidentiality as high and integrity and availability as low. The attack does not require special internal knowledge or user interaction, making it a straightforward remote exploit.

Affected Systems

Intel Vision software, all versions that operate in Ring 3, is impacted. No specific version numbers are listed, so all released builds should be considered vulnerable.

Risk and Exploitability

The CVSS score of 8.8 classifies the vulnerability as high severity. EPSS data is unavailable, but the exploitability is inferred to be low complexity and remote, reachable over the network. The vulnerability is not listed in CISA's KEV catalog. The likely attack vector is network access, and operators face significant risk if the software is exposed to untrusted networks.

Generated by OpenCVE AI on May 12, 2026 at 17:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Intel Vision software to a version that contains the vendor’s security fix.
  • Restrict the Network access of Intel Vision services by configuration or firewall rules so that only trusted hosts can reach them.
  • Implement network segmentation and isolate the Intel Vision subsystem to reduce exposure to unauthenticated users.

Generated by OpenCVE AI on May 12, 2026 at 17:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Intel
Intel vision Software
Vendors & Products Intel
Intel vision Software

Tue, 12 May 2026 16:45:00 +0000

Type Values Removed Values Added
Description Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable remote code execution. This result may potentially occur via network access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (low) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Weaknesses CWE-284
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Intel Vision Software
cve-icon MITRE

Status: PUBLISHED

Assigner: intel

Published:

Updated: 2026-05-12T17:07:20.303Z

Reserved: 2025-12-19T04:00:14.826Z

Link: CVE-2026-20887

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-12T17:16:19.617

Modified: 2026-05-13T15:52:56.850

Link: CVE-2026-20887

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T10:38:22Z

Weaknesses