{"api_version":"1","generated_at":"2026-06-30T22:02:22+00:00","cve":"CVE-2026-57919","urls":{"html":"https://cve.report/CVE-2026-57919","api":"https://cve.report/api/cve/CVE-2026-57919.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-57919","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-57919"},"summary":{"title":"CVE-2026-57919","description":"PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (\\\\.\\pipe\\PBackupVSS) with a DACL that grants GENERIC_READ and GENERIC_WRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigger execution of arbitrary commands with SYSTEM privileges via an untrusted search path. This allows privilege escalation by placing a malicious shadow.exe in a controlled working directory.","state":"PUBLISHED","assigner":"mitre","published_at":"2026-06-29 20:17:40","updated_at":"2026-06-30 14:22:10"},"problem_types":["CWE-276","CWE-426","n/a","CWE-276 CWE-276 Incorrect Default Permissions","CWE-426 CWE-426 Untrusted Search Path"],"metrics":[{"version":"3.1","source":"cve@mitre.org","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N","version":"3.1"}}],"references":[{"url":"https://docs.matrix42.com/en_US/1041748_vulnerability-list/cve-2026-57919-privilege-escalation-in-empirum-personal-backup","name":"https://docs.matrix42.com/en_US/1041748_vulnerability-list/cve-2026-57919-privilege-escalation-in-empirum-personal-backup","refsource":"cve@mitre.org","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://matrix42.com","name":"https://matrix42.com","refsource":"cve@mitre.org","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-57919","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-57919","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-57919","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-29T20:43:45.504415Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-276","description":"CWE-276 Incorrect Default Permissions","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-426","description":"CWE-426 Untrusted Search Path","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-29T20:44:19.597Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (\\\\.\\pipe\\PBackupVSS) with a DACL that grants GENERIC_READ and GENERIC_WRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigger execution of arbitrary commands with SYSTEM privileges via an untrusted search path. This allows privilege escalation by placing a malicious shadow.exe in a controlled working directory."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2026-06-29T19:44:25.905Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"url":"https://matrix42.com"},{"url":"https://docs.matrix42.com/en_US/1041748_vulnerability-list/cve-2026-57919-privilege-escalation-in-empirum-personal-backup"}]}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2026-57919","datePublished":"2026-06-29T00:00:00.000Z","dateReserved":"2026-06-26T00:00:00.000Z","dateUpdated":"2026-06-29T20:44:19.597Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-29 20:17:40","lastModifiedDate":"2026-06-30 14:22:10","problem_types":["CWE-276","CWE-426","n/a","CWE-276 CWE-276 Incorrect Default Permissions","CWE-426 CWE-426 Untrusted Search Path"],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-29T20:43:45.504415Z","id":"CVE-2026-57919","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"57919","Ordinal":"1","Title":"CVE-2026-57919","CVE":"CVE-2026-57919","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"57919","Ordinal":"1","NoteData":"PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (\\\\.\\pipe\\PBackupVSS) with a DACL that grants GENERIC_READ and GENERIC_WRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigger execution of arbitrary commands with SYSTEM privileges via an untrusted search path. This allows privilege escalation by placing a malicious shadow.exe in a controlled working directory.","Type":"Description","Title":"CVE-2026-57919"}]}}}