CVE-2026-29923
Published: 09 April 2026
Summary
CVE-2026-29923 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Packetstorm (inferred from references). Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and CM-7 (Least Functionality).
Deeper analysis
CVE-2026-29923 is a privilege escalation vulnerability in the pstrip64.sys driver included with EnTech Taiwan PowerStrip versions 3.90.736 and earlier. Published on 2026-04-09, it stems from improper handling of IOCTL requests, allowing local users to map arbitrary physical memory into their user-mode address space and modify critical kernel structures, leading to escalation from unprivileged access to SYSTEM-level privileges.
The vulnerability requires local access (AV:L) and low-privilege credentials (PR:L), with low attack complexity (AC:L) and no user interaction (UI:N). An attacker can send a crafted IOCTL request to the driver, achieving arbitrary kernel memory read/write capabilities. This results in high impacts across confidentiality, integrity, and availability (C:H/I:H/A:H), with an unchanged scope (S:U), as reflected in its CVSS v3.1 base score of 7.8. It is associated with CWE-269 (Improper Privilege Management).
Mitigation details and further technical analysis are available in advisories hosted on PacketStorm at https://packetstorm.news/files/id/218394/ and the vendor's PowerStrip page at https://entechtaiwan.com/util/ps.shtm.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-21014
Vulnerability details
The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability provides a local kernel driver IOCTL flaw enabling arbitrary physical memory mapping and kernel structure modification, directly facilitating exploitation to escalate from low-privileged user to SYSTEM.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the specific flaw in pstrip64.sys by requiring timely identification, testing, and correction or removal of the vulnerable driver.
Prevents installation of the vulnerable PowerStrip software and its pstrip64.sys driver by prohibiting or restricting user-installed software.
Restricts the system to least functionality by disabling unnecessary third-party kernel drivers like pstrip64.sys that enable privilege escalation.