Local Privilege Escalation in NitroSense by Acer
CVE-2026-9489

8.5HIGH

Key Information:

Vendor: Acer
Status: Nitrorsense V3
Vendor: CVE Published:; 25 May 2026

What is CVE-2026-9489?

NitroSense versions prior to 3.01.3052 expose a Windows Named Pipe using a custom protocol, which is misconfigured. This allows any authenticated local user to exploit the vulnerability and execute arbitrary code with NT AUTHORITY\SYSTEM privileges. Additionally, an attacker can delete arbitrary files with SYSTEM privileges, significantly compromising the integrity and security of the target system.

Affected Version(s)

NitrorSense V3 Windows 3.01.3001 <= 3.01.3052

References

https://community.acer.com/en/kb/articles/19652

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 25, 2026
Vulnerability Reserved
May 25, 2026

Credit

Artem Domarev

CVE-2026-9489 Data

JSON