Main Vulnerability Database SB2026013030

SB2026013030 - Privilege escalation in NCP Secure Entry Client for Windows

Published: January 30, 2026

Security Bulletin ID SB2026013030

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Exposed dangerous method or function (CVE-ID: N/A)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to during certain actions, such as installation, update, or uninstallation of the VPN client, the command line windows (cmd.exe) are temporarily opened with the SYSTEM account privileges. A local user can interact with the opened command line directly and execute arbitrary code, leading to privilege escalation.

Remediation

Install update from vendor's website.

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00002
https://www.ncp-e.com/fileadmin/_NCP/pdf/library/release_notes/NCP_Secure_Clients/NCP_Secure_Entry_Client/en/NCP_RN_Win_Secure_Entry_Client_13_33_r9750_en.pdf