Description
Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.
Published: 2026-06-01
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A privilege chaining flaw appears in ServerView Agents for Windows V11.60.04 and earlier. A local authenticated user who can log into the host can exploit this weakness to elevate their privileges to SYSTEM. The vulnerability is a CWE‑268 weakness, allowing unrestricted access to kernel level resources once abused. The impact is a full compromise of the affected machine, permitting execution of arbitrary code, data exposure, or further lateral movement within the network.

Affected Systems

Servers that run ServerView Agents for Windows version 11.60.04 or older. All installations of the product on Windows hosts fall within the scope of the vulnerability.

Risk and Exploitability

The CVSS score of 8.5 indicates high severity. No EPSS data is available, and the vulnerability is not listed in CISA’s KEV catalog. Because the exploit requires a local authenticated user, the attack vector is limited to the local environment; however, once gained, SYSTEM privilege gives the attacker complete control over the system. The high availability of local accounts on many facilities makes this risk tangible if the agent is not patched.

Generated by OpenCVE AI on June 1, 2026 at 10:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the newest ServerView Agent for Windows release that contains the privilege‑escalation fix.
  • Restrict local user accounts on affected servers to the least‑privilege model, avoiding unnecessary administrative rights.
  • Configure audit logging to detect unexpected SYSTEM-level activity after patches are applied.
  • Consider network segmentation or application whitelisting to reduce the potential impact of an elevated user.

Generated by OpenCVE AI on June 1, 2026 at 10:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 11:00:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Local Authenticated User in ServerView Agents for Windows

Mon, 01 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.
Weaknesses CWE-268
References
Metrics cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-06-01T07:17:31.045Z

Reserved: 2026-05-14T05:26:45.359Z

Link: CVE-2026-32325

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-01T09:16:16.767

Modified: 2026-06-01T09:16:16.767

Link: CVE-2026-32325

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T10:45:26Z

Weaknesses