CVE-2026-4606 in GV-Edge Recording Managerthông tin

Tóm tắt

Bởi MITRE • 23/03/2026

GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.

During installation, ERM creates a Windows service that runs under the LocalSystem account.

When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.

Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.

Any ERM function invoking Windows file open/save dialogs exposes the same risk.

This vulnerability allows local privilege escalation and may result in full system compromise.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Đặt trước

23/03/2026

Tiết lộ

23/03/2026

Kiểm duyệt

được chấp nhận

mục

VDB-352474

CPE

sẵn sàng

CWE

CWE-250 (Đã xác nhận)

CVSS

7.8 (VulDB)

EPSS

0.00065

KEV

không

Các hoạt động

rất thấp

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-4606
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-4606
CVE Details	https://www.cvedetails.com/cve/CVE-2026-4606/

◂ Trước Tổng Quan Tiếp theo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!