Description
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them.
Published: 2026-03-02
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch
AI Analysis

Impact

The IDExpert Windows Logon Agent contains a flaw that allows an unauthenticated attacker to command the system to download and execute arbitrary DLL files from a remote source. This flaw can lead to complete compromise of the affected machine by executing malicious code with the privileges of the agent process, classified as CWE‑494 for downloading untrusted binaries.

Affected Systems

All installations of the Changing: IDExpert Windows Logon Agent running on Windows operating systems are affected. The vulnerability applies to any currently deployed version of the product, as no specific version was identified in the advisory.

Risk and Exploitability

The CVSS score of 9.3 reflects the high severity of this remote code execution vulnerability. However, the EPSS score of less than 1% indicates that exploitation remains unlikely at present, and the vulnerability is not listed in CISA’s KEV catalog. Attackers would need network access to the target system and could exploit the agent without authentication, making this a remote, unauthenticated vector that could be leveraged from outside the local network if the agent is reachable.

Generated by OpenCVE AI on April 16, 2026 at 14:40 UTC.

Remediation

Vendor Solution

Contact the vendor to patch or download the patch from the official website. Link: https://www.changingtec.com/news_detail.jsp?item_id=348

OpenCVE Recommended Actions

  • Obtain and install the vendor patch or download the fix from the official Changing website.
  • If the patch is not yet available, disable or uninstall the IDExpert Windows Logon Agent to remove the vulnerable component.
  • Implement network filtering or firewall rules to block the agent from initiating outbound DLL downloads from external locations.
  • Deploy endpoint protection that detects and blocks the execution of unknown or unsigned DLL files.

Generated by OpenCVE AI on April 16, 2026 at 14:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 09 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Changingtec
Changingtec idexpert
CPEs cpe:2.3:a:changingtec:idexpert:*:*:*:*:*:windows:*:*
Vendors & Products Changingtec
Changingtec idexpert

Wed, 04 Mar 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Changing
Changing idexpert Windows Logon Agent
Vendors & Products Changing
Changing idexpert Windows Logon Agent

Mon, 02 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 06:30:00 +0000

Type Values Removed Values Added
Description IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them.
Title Changing|IDExpert Windows Logon Agent - Remote Code Execution
Weaknesses CWE-494
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Changing Idexpert Windows Logon Agent
Changingtec Idexpert
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-03-02T14:08:22.120Z

Reserved: 2026-02-23T01:38:31.326Z

Link: CVE-2026-3000

cve-icon Vulnrichment

Updated: 2026-03-02T14:08:13.909Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-02T07:16:23.013

Modified: 2026-03-09T14:21:34.527

Link: CVE-2026-3000

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T14:45:25Z

Weaknesses