Local Privilege Escalation Vulnerability in Acer NitroSense Software
CVE-2026-9789

8.5HIGH

Key Information:

Vendor: Acer
Status: Nitrorsense V3
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-9789?

A Local Privilege Escalation vulnerability in Acer NitroSense software arises from the PSAdminAgent service's implementation, which establishes a Named Pipe with insufficiently strict Access Control List (ACL) settings. This flaw permits any authenticated local user to interact with the service and issue commands without appropriate privilege checks. As a result, an attacker with low-level privileges can execute file deletion commands, potentially leading to the unauthorized removal of critical system files, which poses significant security risks to affected systems.

Affected Version(s)

NitrorSense V3 3.01.3001 <= 3.01.3052

References

https://community.acer.com/en/kb/articles/19670

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 28, 2026

Credit

Vo Duc Thang

CVE-2026-9789 Data

JSON