PatchSiren cyber security CVE debrief
CVE-2026-57919 Matrix42 CVE debrief
CVE-2026-57919 is a high-severity vulnerability in Matrix42 Empirum Personal Backup, specifically affecting versions before 25.5 and 26.x before 26.2. A low-privileged local attacker can exploit this vulnerability to escalate privileges to SYSTEM by sending crafted IPC messages to a named pipe with a DACL that grants GENERIC_READ and GENERIC_WRITE permissions to all authenticated users. This vulnerability allows for potential privilege escalation attacks, which could lead to unauthorized access and control of the system. System administrators and security teams should prioritize patching this vulnerability to prevent potential attacks.
- Vendor
- Matrix42
- Product
- Empirum Personal Backup
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-29
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-06-29
- Advisory updated
- 2026-07-17
Who should care
System administrators and security teams responsible for Matrix42 Empirum Personal Backup installations should prioritize patching this vulnerability to prevent potential privilege escalation attacks. This includes reviewing system logs for suspicious activity related to the named pipe and implementing additional security controls to prevent exploitation.
Technical summary
The PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (PBackupVSS) with a DACL that grants GENERIC_READ and GENERIC_WRITE permissions to all authenticated users. This allows a low-privileged local attacker to connect to the pipe and send crafted IPC messages to trigger execution of arbitrary commands with SYSTEM privileges via an untrusted search path. The vulnerability can be exploited by placing a malicious shadow.exe in a controlled working directory, leading to privilege escalation.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by Matrix42 to address the vulnerability
- Restrict access to the named pipe to only authorized users and processes
- Monitor system logs for suspicious activity related to the named pipe
- Implement additional security controls to prevent exploitation, such as restricting write access to the working directory
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-06-29T20:17:40.160Z and last modified on 2026-07-17T16:17:15.690Z. The NVD entry is currently Deferred. This vulnerability affects Matrix42 Empirum Personal Backup, specifically versions before 25.5 and 26.x before 26.2. The vulnerability allows a low-privileged local attacker to escalate privileges to SYSTEM by sending crafted IPC messages to a named pipe with a DACL that grants GENERIC_READ and GENERIC_WRITE permissions to all authenticated users. Evidence is limited to public CVE and NVD information.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-29T20:17:40.160Z and has not been modified since then. The NVD entry is currently Deferred.