Cyber Resilience

CVE-2026-29923

HighLPE

Published: 09 April 2026

Published
09 April 2026
Modified
14 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 3.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-29923 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Packetstorm (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and CM-7 (Least Functionality).

Deeper analysis

CVE-2026-29923 is a privilege escalation vulnerability in the pstrip64.sys driver included with EnTech Taiwan PowerStrip versions 3.90.736 and earlier. Published on 2026-04-09, it stems from improper handling of IOCTL requests, allowing local users to map arbitrary physical memory into their user-mode address space and modify critical kernel structures, leading to escalation from unprivileged access to SYSTEM-level privileges.

The vulnerability requires local access (AV:L) and low-privilege credentials (PR:L), with low attack complexity (AC:L) and no user interaction (UI:N). An attacker can send a crafted IOCTL request to the driver, achieving arbitrary kernel memory read/write capabilities. This results in high impacts across confidentiality, integrity, and availability (C:H/I:H/A:H), with an unchanged scope (S:U), as reflected in its CVSS v3.1 base score of 7.8. It is associated with CWE-269 (Improper Privilege Management).

Mitigation details and further technical analysis are available in advisories hosted on PacketStorm at https://packetstorm.news/files/id/218394/ and the vendor's PowerStrip page at https://entechtaiwan.com/util/ps.shtm.

EU & UK References

Vulnerability details

The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability provides a local kernel driver IOCTL flaw enabling arbitrary physical memory mapping and kernel structure modification, directly facilitating exploitation to escalate from low-privileged user to SYSTEM.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-44250Shared CWE-269
CVE-2024-53706Shared CWE-269
CVE-2025-66374Shared CWE-269
CVE-2026-28995Shared CWE-269
CVE-2025-43199Shared CWE-269
CVE-2025-36640Shared CWE-269
CVE-2025-8899Shared CWE-269
CVE-2024-47770Shared CWE-269
CVE-2025-24254Shared CWE-269
CVE-2025-27639Shared CWE-269

Affected Assets

Packetstorm
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the specific flaw in pstrip64.sys by requiring timely identification, testing, and correction or removal of the vulnerable driver.

prevent

Prevents installation of the vulnerable PowerStrip software and its pstrip64.sys driver by prohibiting or restricting user-installed software.

prevent

Restricts the system to least functionality by disabling unnecessary third-party kernel drivers like pstrip64.sys that enable privilege escalation.

References