CVE-2026-0539 pcvisit CVE debrief

Who should care

Windows system administrators managing pcvisit remote access software, security teams responsible for endpoint privilege management, and organizations using pcvisit for remote support or access should prioritize patching this vulnerability to prevent local privilege escalation attacks.

Technical summary

The pcvisit service binary on Windows is installed with overly permissive default permissions that allow low-privileged local users to modify the executable. Because this service runs automatically at system startup with NT AUTHORITY SYSTEM privileges, an attacker can replace the legitimate binary with malicious code to achieve privilege escalation. The vulnerability is classified under CWE-276 (Incorrect Default Permissions) and carries a HIGH severity CVSS score of 8.5.

Defensive priority

HIGH

Recommended defensive actions

• Upgrade pcvisit to version 25.12.3.1745 or later to remediate the vulnerability
• Review and restrict file system permissions on service binaries to prevent unauthorized modification
• Implement principle of least privilege for service accounts and file system access controls
• Monitor for unauthorized modifications to critical service binaries using file integrity monitoring
• Audit installed versions of pcvisit across Windows endpoints to identify affected systems

Evidence notes

The vulnerability was disclosed via NVD with references to an InfoGuard security advisory and pcvisit release notes. The CVSS 4.0 vector indicates local attack vector with low attack complexity, no user interaction required, and high impact to confidentiality, integrity, and availability.

Official resources