Ghostwire

CVE-2026-6348: WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local...

CRITICAL CVSS 9.5

Published: April 16, 2026 | Last Modified: April 16, 2026

Description

WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed.

Ghostwire Analysis — What This Means Practically

Critical CVSS score indicates maximum severity — remote code execution, authentication bypass, or complete system compromise is likely possible.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (2 articles)

References

www.tenable.com/cve/CVE-2026-6348
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-6348
nvd.nist.gov/vuln/detail/CVE-2026-6348