Authentication Bypass in WinMatrix Agent by Simopro Technology
CVE-2026-6348

9.3CRITICAL

Key Information:

Vendor: Simopro Technology
Status: Winmatrix
Vendor: CVE Published:; 16 April 2026

🔔 Create Simopro Technology Vulnerability Alert

What is CVE-2026-6348?

The WinMatrix Agent by Simopro Technology is susceptible to a significant vulnerability that allows authenticated local attackers to exploit missing authentication controls. This flaw enables attackers to execute arbitrary code with elevated SYSTEM privileges on the local machine. Moreover, due to the agent's operational framework, this exploitation can extend across all hosts within the network environment where the agent is deployed, potentially leading to widespread unauthorized access and control.

Affected Version(s)

WinMatrix 3.5.13 <= 3.5.26.15

References

https://www.twcert.org.tw/tw/cp-132-10839-2d9a7-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10840-ba9b9-2.html

third-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2026
Vulnerability Reserved
Apr 15, 2026

CVE-2026-6348 Data

JSON