Access Control Vulnerability in Ezbsystems UltraISO Premium Edition Kernel Driver
CVE-2026-12786

8.5HIGH

Key Information:

Vendor

Ezbsystems

Status
Ultraiso Premium Edition
Vendor
CVE Published:
21 June 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2026-12786?

A security vulnerability has been identified in Ezbsystems UltraISO Premium Edition affecting the bootpt64.sys component within the Kernel Driver. This issue manifests due to improper access controls, necessitating local access for exploitation. The threat has been publicly disclosed, indicating potential misuse by malicious actors. Despite the vendor being notified of the issue, there has been no response.

Affected Version(s)

UltraISO Premium Edition 9.0

UltraISO Premium Edition 9.1

UltraISO Premium Edition 9.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-12786 - Proof of Concept

References

https://vuldb.com/vuln/372528
vdb-entry
https://vuldb.com/vuln/372528/cti
signaturepermissions-required
https://vuldb.com/cve/CVE-2026-12786
third-party-advisory

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

winslow1984 (VulDB User)
VulDB CNA Team
.