Description
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them.
Published: 2026-03-02
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability lies in Changing's IDExpert Windows Logon Agent, where an attacker can force the system to download and execute arbitrary executable files without authentication. This flaw effectively allows remote code execution, a high‑severity risk (CWE‑494). The impact is immediate compromise of system integrity and confidentiality, as any program can be run with the privileges of the logon agent.

Affected Systems

The affected product is the IDExpert Windows Logon Agent from Changing. No specific version information was included in the CNA data, so all installed instances of this agent remain potentially vulnerable until a patch is applied.

Risk and Exploitability

With a CVSS score of 9.3, this flaw is considered critical. The EPSS score of <1% indicates a low current probability of exploitation, yet the lack of constraints on authentication and the ability to download any executable make it a potent threat. The vulnerability is not listed in the KEV catalog, but the potential for remote, unauthenticated attacks warrants high vigilance. An attacker most likely would communicate over the network to the agent’s listening interface, trigger the download routine, and execute the supplied binary.

Generated by OpenCVE AI on April 16, 2026 at 14:40 UTC.

Remediation

Vendor Solution

Contact the vendor to patch or download the patch from the official website. Link: https://www.changingtec.com/news_detail.jsp?item_id=348

OpenCVE Recommended Actions

  • Contact Changing to obtain the vendor patch or download the patch from the official website and apply it to all installations of IDExpert Windows Logon Agent.
  • If a patch is not yet available, remove or disable the IDExpert Windows Logon Agent from the system to prevent unauthorized remote execution.
  • Implement network controls to block or tightly restrict inbound traffic to the agent’s service port, thereby reducing the window for the remote exploitation attempt.

Generated by OpenCVE AI on April 16, 2026 at 14:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 09 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Changingtec
Changingtec idexpert
CPEs cpe:2.3:a:changingtec:idexpert:*:*:*:*:*:windows:*:*
Vendors & Products Changingtec
Changingtec idexpert

Wed, 04 Mar 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Changing
Changing idexpert Windows Logon Agent
Vendors & Products Changing
Changing idexpert Windows Logon Agent

Mon, 02 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 06:30:00 +0000

Type Values Removed Values Added
Description IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them.
Title Changing|IDExpert Windows Logon Agent - Remote Code Execution
Weaknesses CWE-494
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Changing Idexpert Windows Logon Agent
Changingtec Idexpert
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-03-02T14:09:57.935Z

Reserved: 2026-02-23T01:38:30.194Z

Link: CVE-2026-2999

cve-icon Vulnrichment

Updated: 2026-03-02T14:09:37.668Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-02T07:16:22.743

Modified: 2026-03-09T14:22:11.223

Link: CVE-2026-2999

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T14:45:25Z

Weaknesses