Primary

Context

Simopro Technology WinMatrix Agent Missing Authentication Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A missing authentication vulnerability has been identified in the WinMatrix agent developed by Simopro Technology. This vulnerability allows authenticated local attackers to execute arbitrary code with SYSTEM privileges, not only on the local machine but also on all hosts within the environment where the agent is installed. The issue affects WinMatrix agent versions 3.5.13 through 3.5.26.15.

Impact

Exploitation of this vulnerability could lead to unauthorized arbitrary code execution with SYSTEM privileges on the affected machine and all other machines in the same environment where the agent is installed.

Remediation

Users are advised to update the WinMatrix agent to version 3.5.27.5 or later.

Added: Apr 16, 2026, 3:26 AM

Updated: Apr 16, 2026, 3:26 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

6.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

6.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Simopro Technology WinMatrix Agent Missing Authentication Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating