PatchSiren

Quanos Solutions GmbH CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Quanos Solutions GmbH CVE published 2026-06-17

CVE-2026-11858

CVE-2026-11858 is a local privilege escalation vulnerability in Quanos SCHEMA ST4 on-premises. The Client Update Service runs as NT AUTHORITY SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated low-privileged user can connect to the interface and invoke privileged update methods such as Update(). This allows arbitrary fi [truncated]