Description
Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSI_SERVICE_2 pipe
Published: 2026-06-25
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises from improperly secured permissions on the MSI NBFoundation Service named pipe, MSI_SERVICE_2. A remote attacker can connect to the pipe and read sensitive data exposed by the service. The flaw leads to an information disclosure that compromises the confidentiality of the data handled by the service. Based on the description, the likely attack vector is remote via inter‑process communication through a named pipe.

Affected Systems

The affected product is the MSI NBFoundation Service, version 2.0.2506.1201, distributed by MSI. No additional vendor or product versions are listed in the CNA data.

Risk and Exploitability

The CVSS score is not provided, and the EPSS score is unavailable. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires a remote actor to connect to the MSI_SERVICE_2 pipe, which can be accessed without authentication due to insecure permissions. The risk is primarily a loss of confidentiality; there is no evidence of impact on integrity or availability.

Generated by OpenCVE AI on June 25, 2026 at 21:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the MSI NBFoundation Service to the latest version released by MSI that fixes the pipe permission issue.
  • If an update cannot be applied immediately, restrict access to the MSI_SERVICE_2 named pipe by applying appropriate security descriptors so that only trusted system accounts can read or write to it.
  • If the service is not essential, disable the MSI_SERVICE_2 pipe or uninstall the MSI NBFoundation Service as a temporary workaround.
  • Monitor the MSI_SERVICE_2 named pipe for unauthorized connections using system auditing or monitoring tools.

Generated by OpenCVE AI on June 25, 2026 at 21:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Title Insecure Permissions on MSI NBFoundation Service Named Pipe Exposes Sensitive Information
Weaknesses CWE-200

Thu, 25 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSI_SERVICE_2 pipe
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-25T20:02:58.972Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37453

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T21:30:11Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor