Description
PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges.
Published: 2026-05-08
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PredatorSense V3 exposes a Windows Named Pipe that incorrectly allows any authenticated local user to send messages via a custom protocol, invoking internal functions that are meant to run with SYSTEM privileges. The misconfiguration permits the attacker to execute arbitrary code with full SYSTEM rights and delete any file on the system. This elevates local users to system-level authority, enabling full control over the affected machine.

Affected Systems

Acer PredatorSense V3 versions ranging from 3.00.3136 to 3.00.3196 are vulnerable. Updating the software to version 3.00.3198 removes the misconfigured named pipe and eliminates the exploit path.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.5, indicating high severity. The EPSS score is not available and the issue is not listed in the CISA KEV catalog, suggesting no publicly known exploits yet. Nonetheless, an authenticated local user can exploit the exposed named pipe, making it a low-barrier attack for insiders or opportunistic malware. The reliance on local authentication means the threat surface is limited to the target machine, but the impact is total system compromise due to SYSTEM privileges.

Generated by OpenCVE AI on May 8, 2026 at 07:20 UTC.

Remediation

Vendor Solution

Update to version 3.00.3198.

OpenCVE Recommended Actions

  • Update PredatorSense V3 to version 3.00.3198 as soon as possible.
  • If an immediate update is not feasible, disable the PredatorSense service or block the exposed named pipe using local security policy to prevent access by non‑admin users.
  • Monitor Windows event logs for any IPC or named pipe activity and enforce least privilege principles so that only trusted users have access to the pipe.

Generated by OpenCVE AI on May 8, 2026 at 07:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 08 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 08 May 2026 06:30:00 +0000

Type Values Removed Values Added
Description PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges.
Title PredatorSense V3: Local Privilege Escalation (LPE) vulnerability
Weaknesses CWE-22
CWE-269
CWE-284
CWE-732
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Acer

Published:

Updated: 2026-05-08T12:51:41.992Z

Reserved: 2026-05-07T06:26:33.337Z

Link: CVE-2026-8069

cve-icon Vulnrichment

Updated: 2026-05-08T12:51:38.177Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-08T07:16:29.443

Modified: 2026-05-08T15:34:56.710

Link: CVE-2026-8069

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T07:30:03Z

Weaknesses