CVE-2026-6348

HIGH 8.8

Simopro Technology｜WinMatrix - Missing Authentication

CVSS Score

8.8

EPSS Score

0.0%

EPSS Percentile

0th

WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed.

CWE	CWE-306
Vendor	simopro technology
Product	winmatrix
Published	Apr 16, 2026
Last Updated	Apr 16, 2026

Stay Ahead of the Next One

Get instant alerts for simopro technology winmatrix

Be the first to know when new high vulnerabilities affecting simopro technology winmatrix are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Simopro Technology / WinMatrix

3.5.13 ≤ 3.5.26.15

References

NVD ↗ CVE.org ↗ EPSS Data ↗

twcert.org.tw: https://www.twcert.org.tw/tw/cp-132-10839-2d9a7-1.html twcert.org.tw: https://www.twcert.org.tw/en/cp-139-10840-ba9b9-2.html