PatchSiren

CVE-2026-9789 Acer CVE debrief

A local privilege escalation vulnerability in Acer NitroSense software versions prior to 3.01.3052 allows authenticated low-privileged users to delete arbitrary files with SYSTEM privileges. The PSAdminAgent service creates a Named Pipe with a weak Access Control List (ACL), permitting any authenticated local user to connect and send commands. The service fails to validate caller privileges before executing file deletion operations, enabling privilege escalation through arbitrary file deletion.

Vendor: Acer
Product: NitroSense V3
CVSS: HIGH 8.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-28
Advisory published: 2026-05-28
Advisory updated: 2026-05-28

Who should care

Organizations deploying Acer NitroSense on Windows endpoints, particularly gaming workstations and laptops. Security teams managing endpoint privilege escalation attack surfaces. System administrators responsible for OEM software inventory and patch management.

Technical summary

The PSAdminAgent service in Acer NitroSense creates a Named Pipe with overly permissive ACL settings, allowing any authenticated local user to establish connections. The service accepts and executes file deletion commands without verifying the requesting user's privilege level. This architectural flaw lets low-privileged users use the service's SYSTEM-level execution context to delete arbitrary files, resulting in local privilege escalation. The vulnerability is rated HIGH severity under CVSS 4.0. Multiple CWE classifications apply: CWE-22 (Path Traversal), CWE-269 (Improper Privilege Management), CWE-284 (Improper Access Control), and CWE-732 (Incorrect Permission Assignment for Critical Resource).

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade Acer NitroSense to version 3.01.3052 or later
  • Audit systems for NitroSense installations prior to 3.01.3052
  • Review Named Pipe ACL configurations on managed endpoints
  • Monitor for suspicious file deletion activity from the PSAdminAgent service
  • Apply the principle of least privilege to local user accounts
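
For the Named Pipe ACL review above, the following added example (not part of the advisory and not Acer's code) parses a pipe security descriptor in SDDL form and reports allow ACEs that give a broad principal write access, which is the condition the summary describes. It assumes the SDDL string has already been exported with your own ACL tooling; the sample descriptors are constructed, and the function names are hypothetical.

```python
import re

# Broad principals, by SDDL alias and by SID string.
BROAD = {
    "WD": "Everyone", "S-1-1-0": "Everyone",
    "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
    "BU": "BUILTIN\\Users", "S-1-5-32-545": "BUILTIN\\Users",
    "IU": "INTERACTIVE", "S-1-5-4": "INTERACTIVE",
    "AN": "ANONYMOUS LOGON", "S-1-5-7": "ANONYMOUS LOGON",
}
# SDDL two-letter rights codes and their access-mask bits.
RIGHTS = {
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
    "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
    "FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10,
    "WP": 0x20, "DT": 0x40, "LO": 0x80, "CR": 0x100,
}
# A client needs one of these to send data: FILE_WRITE_DATA, GENERIC_WRITE, GENERIC_ALL.
CLIENT_WRITE = 0x2 | 0x40000000 | 0x10000000

def rights_to_mask(rights):
    """Convert an SDDL rights field (hex mask or concatenated codes) to an int."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in re.findall("..", rights):
        mask |= RIGHTS[code]  # KeyError flags a code this table does not cover
    return mask

def audit_pipe_sddl(sddl):
    """List (principal, mask) for allow ACEs that let a broad principal write.

    Deny ACEs are not evaluated, so treat a finding as a prompt for review.
    """
    dacl = sddl.partition("D:")[2].partition("S:")[0]
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl):
        fields = ace.split(";")
        ace_type, rights, trustee = fields[0], fields[2], fields[5]
        if ace_type == "A" and trustee in BROAD:
            mask = rights_to_mask(rights)
            if mask & CLIENT_WRITE:
                findings.append((BROAD[trustee], hex(mask)))
    return findings

# Constructed sample descriptors (not taken from NitroSense).
WEAK = "O:SYG:SYD:(A;;FA;;;SY)(A;;FA;;;BA)(A;;0x12019b;;;AU)"
HARDENED = "O:SYG:SYD:P(A;;FA;;;SY)(A;;FA;;;BA)"
print(audit_pipe_sddl(WEAK), audit_pipe_sddl(HARDENED))
```

A descriptor that grants only SYSTEM and Administrators returns an empty list; any finding for Authenticated Users, Everyone or BUILTIN\Users on a pipe owned by a SYSTEM service is worth reviewing.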

Evidence notes

CVE published 2026-05-28; the NVD record shows Deferred status with a CVSS 4.0 vector. An Acer knowledge base article is referenced as the primary source. Vendor identification is marked low confidence and requires review, despite the Acer domain reference.
