CVE-2026-39929
Lakeside SysTrack Agent LsiAgent.exe Out-of-Bounds Read via UDP
CVSS Score
7.5
EPSS Score
0.1%
EPSS Percentile
30th
Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to crash the application by sending a specially crafted UDP packet. Attackers can send a malformed packet with an invalid memory address at offset 0x4 in the payload to trigger an access violation and cause a denial of service.
| CWE | CWE-125 CWE-754 |
| Vendor | lakeside software, llc. |
| Product | systrack agent |
| Published | May 28, 2026 |
| Last Updated | May 29, 2026 |
Stay Ahead of the Next One
Get instant alerts for lakeside software, llc. systrack agent
Be the first to know when new high vulnerabilities affecting lakeside software, llc. systrack agent are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected Versions
Lakeside Software, LLC. / SysTrack Agent
0 < 11.2.1.28 11.3.0.xxx < 11.3.0.38 11.4.0.xxx < 11.4.0.24 11.5.0.xxx < 11.5.0.15
References
documentation.lakesidesoftware.com: https://documentation.lakesidesoftware.com/docs/112128-hotfix-agent-release-notes documentation.lakesidesoftware.com: https://documentation.lakesidesoftware.com/docs/1130xxx-hotfix-agent-release-notes documentation.lakesidesoftware.com: https://documentation.lakesidesoftware.com/docs/1140xxx-hotfix-agent-release-notes documentation.lakesidesoftware.com: https://documentation.lakesidesoftware.com/docs/1150xxx-hotfix-agent-release-notes vulncheck.com: https://www.vulncheck.com/advisories/lakeside-systrack-agent-lsiagent-exe-out-of-bounds-read-via-udp
Credits
Austin A. DeFrancesco (DefCesco) VulnCheck