{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1680", "assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "state": "PUBLISHED", "assignerShortName": "NCSC-FI", "dateReserved": "2026-01-30T05:57:27.965Z", "datePublished": "2026-01-30T06:00:31.449Z", "dateUpdated": "2026-02-02T16:33:39.478Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Local Admin Service", "vendor": "Edgemo (Danoffice IT)", "versions": [{"status": "affected", "version": "1.2.7.23180"}]}], "datePublic": "2025-02-06T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group membership restrictions."}], "value": "Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group membership restrictions."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 7.1, "baseSeverity": "HIGH", "exploitMaturity": "PROOF_OF_CONCEPT", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-250", "description": "CWE-250 Execution with Unnecessary Privileges", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "shortName": "NCSC-FI", "dateUpdated": "2026-01-30T06:00:31.449Z"}, "references": [{"tags": ["exploit", "third-party-advisory"], "url": "https://retest.dk/local-privilege-escalation-vulnerability-found-in-local-admin-service/"}, {"tags": ["product"], "url": "https://www.danofficeit.com/howwedoit/workplace/management/"}], "source": {"discovery": "EXTERNAL"}, "title": "Local Privilege Escalation in Local Admin Service", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"references": [{"url": "https://retest.dk/local-privilege-escalation-vulnerability-found-in-local-admin-service/", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-30T14:35:42.440582Z", "id": "CVE-2026-1680", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T16:33:39.478Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1680", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-30T14:35:42.440582Z"}}}], "references": [{"url": "https://retest.dk/local-privilege-escalation-vulnerability-found-in-local-admin-service/", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-30T14:35:55.068Z"}}], "cna": {"title": "Local Privilege Escalation in Local Admin Service", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "YES", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Edgemo (Danoffice IT)", "product": "Local Admin Service", "versions": [{"status": "affected", "version": "1.2.7.23180"}], "platforms": ["Windows"], "defaultStatus": "unknown"}], "datePublic": "2025-02-06T07:00:00.000Z", "references": [{"url": "https://retest.dk/local-privilege-escalation-vulnerability-found-in-local-admin-service/", "tags": ["exploit", "third-party-advisory"]}, {"url": "https://www.danofficeit.com/howwedoit/workplace/management/", "tags": ["product"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group membership restrictions.", "supportingMedia": [{"type": "text/html", "value": "Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group membership restrictions.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-250", "description": "CWE-250 Execution with Unnecessary Privileges"}]}], "providerMetadata": {"orgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "shortName": "NCSC-FI", "dateUpdated": "2026-01-30T06:00:31.449Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1680", "state": "PUBLISHED", "dateUpdated": "2026-02-02T16:33:39.478Z", "dateReserved": "2026-01-30T05:57:27.965Z", "assignerOrgId": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "datePublished": "2026-01-30T06:00:31.449Z", "assignerShortName": "NCSC-FI"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:danofficeit:local_admin_service:1.2.7.23180:*:*:*:*:windows:*:*", "matchCriteriaId": "6D35C301-C544-4630-8256-0CE50BE3AC4D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group membership restrictions."}, {"lang": "es", "value": "Control de acceso inadecuado en el endpoint WCF en Edgemo (ahora propiedad de Danoffice IT) Servicio de Administrador Local 1.2.7.23180 en Windows permite a un usuario local escalar sus privilegios a administrador local mediante comunicaci\u00f3n directa con la tuber\u00eda con nombre LocalAdminService.exe, eludiendo las restricciones de membres\u00eda de grupo del lado del cliente."}], "id": "CVE-2026-1680", "lastModified": "2026-03-03T15:06:54.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "type": "Secondary"}]}, "published": "2026-01-30T07:16:15.350", "references": [{"source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "tags": ["Exploit", "Third Party Advisory"], "url": "https://retest.dk/local-privilege-escalation-vulnerability-found-in-local-admin-service/"}, {"source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "tags": ["Product"], "url": "https://www.danofficeit.com/howwedoit/workplace/management/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://retest.dk/local-privilege-escalation-vulnerability-found-in-local-admin-service/"}], "sourceIdentifier": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-250"}], "source": "db4dfee8-a97e-4877-bfae-eba6d14a2166", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T01:13:46.685886+00:00", "value": {"mitigation_remediation": ["Install the latest version of the Local Admin Service that resolves the access\u2011control flaw.", "If no patch is available, restrict or deny non\u2011administrator access to the LocalAdminService.exe named pipe by adjusting Windows security permissions or removing the pipe.", "Disable or uninstall the Local Admin Service on systems where it is not required.", "Monitor Windows event logs for unexpected access attempts to the LocalAdminService.exe named pipe and investigate anomalies."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Edgemo (now Danoffice IT) Local Admin Service 1.2.7.23180 running on Windows operating systems. Systems using this specific version are susceptible if the LocalAdminService.exe component is present.", "description_and_impact": "Improper access control in a Windows Communication Foundation endpoint within the Local Admin Service allows a local user to raise their privileges to that of a local administrator. By directly communicating with the LocalAdminService.exe named pipe, a user can bypass client\u2011side group membership checks and gain administrative rights, which compromises system integrity and confidentiality on that device.", "risk_and_exploitability": "The CVSS score of 7.1 indicates a high severity of potential impact. However, the EPSS score of less than 1% suggests a very low exploitation probability at present, and the flaw is not listed in the CISA Known Exploited Vulnerabilities catalog. Attackers would need local access to the affected machine and would exploit the named pipe directly, so the vector is local rather than remote."}}}}, "created": "2026-02-02T09:27:57.116925+00:00", "updated": "2026-04-18T01:15:05.995408+00:00", "vendors": ["danoffice_it", "danoffice_it$PRODUCT$local_admin_service"]}