Zero Day MonitorZDM

← Back to list

—

CVE-2026-9489EXPLOITED

dell · nitrosense

NitroSense V3: Local Privilege Escalation (LPE) vulnerability

Description

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges.

Affected Products

Vendor	Product	Versions
dell	nitrosense	3.01.3001

References

https://community.acer.com/en/kb/articles/19652

Related News (1 articles)

Tier C

VulDB14d ago

CVE-2026-9489 | Acer NitrorSense up to 3.01.3052 path traversal

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-22, CWE-269, CWE-284, CWE-732

PublishedMay 25, 2026

Last enriched14d agov2

Trending Score5

Source articles1

Independent1

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2025-46638

CVE-2025-46638: Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability. An unauthenticated remo

Multiple Vulnerabilities in Dell Products Including Dell Private Cloud, PowerSwitch Z9864F-ON, Dell Automation Platform, and Dell VxRail Appliance

MEDIUMCVE-2026-40713EXP

CVE-2026-40713: Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenti

HIGHCVE-2026-40715

CVE-2026-40715: Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privile

MEDIUMCVE-2026-35070

CVE-2026-35070: Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 25, 2026

Discovered by ZDM

May 25, 2026

Updated: description, affectedVersions, severity, activelyExploited

May 25, 2026

Actively Exploited

May 26, 2026

Version History

v2

Last enriched 14d ago

v2Tier C14d ago

Updated description with new technical details, marked severity as CRITICAL, and noted that the vulnerability is actively exploited.

descriptionaffectedVersionsseverityactivelyExploited

via VulDB

v114d ago

Initial creation