Description
Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges through exploitation of specific system interfaces.
Published: 2026-05-18
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Thermo Fisher Scientific Torrent Suite Dx software up to version 5.14.2 contains a flaw that allows an authenticated user with limited privileges to gain administrator‑level access by exploiting specific system interfaces. This defect undermines the confidentiality and integrity of the system, as the attacker can fully control the application and potentially access protected data.

Affected Systems

The affected product is Thermo Fisher Scientific Torrent Suite Dx, version 5.14.2 or earlier. No other vendors or products are listed as affected.

Risk and Exploitability

Because the vulnerability allows privileged escalation, it poses a serious risk to systems where users are authenticated. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no current widespread exploitation. Nonetheless, the potential for an attacker with legitimate credentials to gain full administrative control means the risk is high and requires immediate attention. The CVSS score of 8.8 indicates a high severity.

Generated by OpenCVE AI on May 18, 2026 at 21:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Torrent Suite Dx release that contains the fix for this elevation flaw.
  • Restrict or disable the system interfaces that can be used for privilege escalation by enforcing least privilege and limiting access to those interfaces to only legitimate administrators.
  • Review all user accounts and remove or downgrade any accounts that have unnecessary administrative rights, and set up monitoring of system logs for abnormal privilege‑elevation activity.

Generated by OpenCVE AI on May 18, 2026 at 21:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 22:15:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via System Interface Exploitation in Thermo Fisher Torrent Suite Dx

Mon, 18 May 2026 20:15:00 +0000

Type Values Removed Values Added
Title Unauthorized Privilege Escalation in Thermo Fisher Torrent Suite Dx
Weaknesses CWE-284

Mon, 18 May 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 18 May 2026 17:30:00 +0000

Type Values Removed Values Added
Title Unauthorized Privilege Escalation in Thermo Fisher Torrent Suite Dx
Weaknesses CWE-284

Mon, 18 May 2026 16:45:00 +0000

Type Values Removed Values Added
Description Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges through exploitation of specific system interfaces.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-18T17:16:38.837Z

Reserved: 2026-04-16T00:00:00.000Z

Link: CVE-2026-41085

cve-icon Vulnrichment

Updated: 2026-05-18T17:15:19.429Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-18T17:16:32.270

Modified: 2026-05-18T20:27:12.817

Link: CVE-2026-41085

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-18T22:00:12Z

Weaknesses