StackPatch is liveSee product

Back to CVE digest
NVD · CVE-2026-11858

CVE-2026-11858

Published: Wed, 17 Jun 2026 13:19

CVE-2026-11858

Summary

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface ove

Details

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated low-privileged user can connect to the interface and invoke privileged update methods such as Update(). This allows arbitrary file write and delete operations with SYSTEM privileges and can be used to achieve local privilege escalation.

Are YOU affected by CVE-2026-11858?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether CVE-2026-11858 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash
Form-based quickscan Read the bash source first

References

Want this automated for your servers?

StackPatch runs this match against YOUR installed packages every hour

Free (3 servers) / from $9/mo (14-day free trial) / Solo $9/mo / Pro $29/mo / Team $79/mo. Indie pricing.

Start free trial →See StackPatch →Live audit log →