Description
Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSIAPService.exe component
Published: 2026-06-25
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An insecure permissions configuration in the MSI NBFoundation Service version 2.0.2506.1201 enables a remote attacker by interacting with the MSIAPService.exe component. The vulnerability stems from improper access controls that allow unauthorized reads of protected data, thereby exposing confidential information.

Affected Systems

MSI NBFoundation Service version 2.0.2506.1201 is affected. The issue centers on the MSIAPService.exe executable, whose filesystem permissions permit exposure of sensitive data to unauthorized users.

Risk and Exploitability

No CVSS or EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, so a precise quantitative risk rating cannot be determined from the data. However, the lack of proper permissions grants remote attackers the ability to read protected information, which could facilitate broader compromise if additional data or credentials are revealed. The likely attack vector is remote, as the description refers to a "remote attacker," but the exact method of exploitation is unspecified beyond access to the MSIAPService.exe component.

Generated by OpenCVE AI on June 25, 2026 at 22:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • If an official patch or updated MSI NBFoundation Service version is available, upgrade immediately to eliminate the insecure permissions configuration.
  • Verify that the MSIAPService.exe file and any related configuration files have permissions that restrict access to privileged or authorized accounts only, and remove any world‑readable or executable rights.
  • If an update is not yet released, limit the network exposure of the MSIAPService component by applying firewall rules or host-based controls to restrict access to trusted hosts and monitor system logs for anomalous access attempts.

Generated by OpenCVE AI on June 25, 2026 at 22:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Title Insecure Permissions in MSI NBFoundation Service Expose Sensitive Data
Weaknesses CWE-284

Thu, 25 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSIAPService.exe component
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-25T20:07:51.383Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37452

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T23:00:14Z

Weaknesses