Severity: 9.1 Critical (9.0-10.0)
CVE ID: CVE-2026-2449
Details
This advisory address a vulnerability where commands can be injected into upKeeper Instant Privilege client internal communications.
Problem type: CWE-88
Impact: CAPEC-30
Applicability
This advisory is applicable only when
| Product Name | Impacted Version(s) | Fixed Version(s) | Released On |
|---|---|---|---|
| upKeeper Instant Privilege Access | through 1.5.0 | 1.6.0.4576 | 2026-03-05 |
Impact
This vulnerability allows users to send commands to upKeeper Instant Privilege client service that will be executed with the rights and context of the local upKeeper Instant Privilege service.
Fix
This issue has been fixed by updating upKeeper Instant Privilege to 1.6.0.4576 version or later.
Acknowledgements
This vulnerability was reported by Tony Nilsson.
Please contact our security team (secure@upkeeper.se) for security related questions and product support (help@upkeeper.se) for questions about our products or services.
Comments
0 comments
Article is closed for comments.