HIGH
Quanos Solutions GmbH
CVE published 2026-06-17
CVE-2026-11858
CVE-2026-11858 is a local privilege escalation vulnerability in Quanos SCHEMA ST4 on-premises. The Client Update Service runs as NT AUTHORITY SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated low-privileged user can connect to the interface and invoke privileged update methods such as Update(). This allows arbitrary fi [truncated]