Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
WinMatrix Agent: Local Attackers Can Run System-Level Code
CVE-2026-6348
Summary
The WinMatrix agent from Simopro Technology has a security weakness that allows someone with a valid login on the same computer to run any code with administrator-level access, not just on that computer but also on other devices connected to the same network where the agent is installed. This means a malicious user could potentially gain control of the entire network. To protect your network, update the WinMatrix agent to the latest version and ensure you're using strong passwords to limit access to the agent.
Original title
WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local mach...
Original description
WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed.
nvd CVSS3.1
8.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-306
Missing Authentication for Critical Function
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026