CVE-2026-6348 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: April 17, 2026
Simopro Technology WinMatrix agent - Authentication Bypass
Overview
Simopro Technology WinMatrix agent contains a missing authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on local and networked hosts, exploit requires local authentication.
Severity & Score
Impact
Authenticated local attackers can execute arbitrary code with SYSTEM privileges on local and networked hosts, leading to full system compromise.
Mitigation
Update to the latest version of WinMatrix agent.
References
Social Media Activity(2 posts)
š“ CRITICAL: CVE-2026-6348 in Simopro WinMatrix 3.5.13 lets local authenticated users execute code as SYSTEM. No patch yet ā restrict access & monitor usage. Details: https://radar.offseq.com/threat/cve-2026-6348-cwe-306-missing-authentication-for-c-2cb15b3d #OffSeq #CVE20266348 #Infosec #Vulnerability
View original post
š CVE-2026-6348 - High (8.8) WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment... š https://www.thehackerwire.com/vulnerability/CVE-2026-6348/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-6348
- Severity
- High
- CVSS Score
- 8.8
- Type
- broken_authentication
- Status
- unconfirmed
- EPSS
- 0.8%
- Social Posts
- 2
CWE
- CWE-306
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H