Overview

A Local Privilege Escalation (LPE) vulnerability has been identified in Acer NitroSense software versions prior to 3.01.3052. This vulnerability, tracked as CVE-2026-9789, is caused by a weak Access Control List (ACL) in a Named Pipe created by the PSAdminAgent service. This weakness allows any authenticated local user to connect to the Named Pipe and send commands. Furthermore, because the service does not verify the caller's privileges before executing file deletion commands, a low-privileged local user can exploit this vulnerability to delete arbitrary files with system authority.

Technical Details

The vulnerability exists in the PSAdminAgent service of Acer NitroSense software. This service creates a Named Pipe with a weak ACL. An ACL is the list of access control entries that defines who may open a securable object and with what rights; here it is permissive enough that any authenticated local user can open the Named Pipe. Once connected, such a user can send commands to the service. The service, however, does not validate the privileges of the caller before executing certain commands, specifically those related to file deletion, and it executes them in its own (SYSTEM) security context. The two weaknesses together, a pipe anyone can reach and a command handler that trusts whoever reaches it, allow a low-privileged user to delete arbitrary files with elevated (system) privileges.
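As an added illustration of the two weaknesses described above, written for this page and not taken from Acer's code (the service's implementation language and pipe name are not given, so the C# form, the .NET pipe APIs and the pipe name are assumptions): a weak named-pipe ACL beside a hardened one, plus a caller check run before the privileged action.

```csharp
// Added illustration, not Acer's code: the weak named-pipe ACL pattern the
// advisory describes beside a hardened server. Uses .NET Framework APIs; on
// .NET 5+ build the pipe with NamedPipeServerStreamAcl.Create(...) instead.
using System;
using System.IO;
using System.IO.Pipes;
using System.Security.AccessControl;
using System.Security.Principal;

static class PipeAclExample
{
    // Weak: Everyone gets full control, so any authenticated local user can
    // open the pipe and send commands (the condition behind CVE-2026-9789).
    static PipeSecurity WeakAcl()
    {
        var sec = new PipeSecurity();
        sec.AddAccessRule(new PipeAccessRule(
            new SecurityIdentifier(WellKnownSidType.WorldSid, null),
            PipeAccessRights.FullControl, AccessControlType.Allow));
        return sec;
    }
    // Hardened: only SYSTEM and local Administrators can open the pipe.
    static PipeSecurity HardenedAcl()
    {
        var sec = new PipeSecurity();
        sec.AddAccessRule(new PipeAccessRule(
            new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null),
            PipeAccessRights.FullControl, AccessControlType.Allow));
        sec.AddAccessRule(new PipeAccessRule(
            new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null),
            PipeAccessRights.ReadWrite, AccessControlType.Allow));
        return sec;
    }
    // Pipe name is a placeholder; the advisory does not give the real one.
    static NamedPipeServerStream CreateServer() =>
        new NamedPipeServerStream("ExampleAgentPipe", PipeDirection.InOut, 1,
            PipeTransmissionMode.Byte, PipeOptions.None, 4096, 4096, HardenedAcl());
    // Second layer: impersonate the connected client and test its token before
    // the privileged action, so a weak ACL alone cannot turn into file deletion.
    static void HandleDeleteRequest(NamedPipeServerStream pipe, string path)
    {
        bool callerIsAdmin = false;
        pipe.RunAsClient(() =>
            callerIsAdmin = new WindowsPrincipal(WindowsIdentity.GetCurrent())
                .IsInRole(WindowsBuiltInRole.Administrator));
        if (!callerIsAdmin)
            throw new UnauthorizedAccessException("caller is not an administrator");
        File.Delete(path); // executes as the service account, hence the gate above
    }
}
```

The ACL decides who can reach the service at all; the impersonation check decides whether a connected caller may trigger a privileged command, and a fix for this class of bug needs both.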

Impact Analysis

The impact of this vulnerability is significant. A low-privileged local user can exploit it to perform actions with system authority. This can lead to a range of malicious outcomes, including but not limited to the deletion of critical system files, which could render the system unstable or completely inoperable. The confidentiality, integrity, and availability of the system can all be compromised. According to the CVSS v4.0 scoring, this vulnerability has a base score of 8.5, indicating a high severity level. The attack vector is local, the attack complexity is low, and no user interaction is required, which lowers the bar for exploitation.

Mitigation

To mitigate this vulnerability, it is highly recommended to update Acer NitroSense software to version 3.01.3052 or later. This version presumably fixes the vulnerability by properly securing the Named Pipe with a stronger ACL and implementing proper privilege checks for commands executed by the PSAdminAgent service. Additionally, system administrators should ensure that only trusted users have local access to the system and monitor system logs for any suspicious activities related to the PSAdminAgent service.