【Vulnerability Alert】WinMatrix by Win-Matrix Technology - Missing Authentication

• Subject: 【Vulnerability Alert】WinMatrix by Win-Matrix Technology - Missing Authentication

• Description:
  • Forwarded from TWCERT/CC Security Alert TWCERTCC-200-202604-00000014.
  • There is a Missing Authentication vulnerability in the WinMatrix agent developed by Win-Matrix Technology (CVE-2026-6348, CVSS: 8.8). A local attacker who has passed identity authentication can execute arbitrary code with system privileges on the local machine and all hosts within the environment that have the agent program installed.
• Affected Platforms:
  • WinMatrix agent versions 3.5.13 through 3.5.26.15 (inclusive)
• Recommended Actions:
  • Please update the agent program to version 3.5.27.5 or later.
• Reference:
  1. https://www.twcert.org.tw/tw/cp-132-10839-2d9a7-1.html

Computer and Communication Center
Network Systems Division