| TVN ID | TVN-202603001 |
|---|---|
| CVE ID | CVE-2026-2999, CVE-2026-3000 |
| CVSS | CVE-2026-2999: 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-3000: 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Affected Products | IDExpert Windows Logon Agent version from 2.7.3.230719 to 2.8.4.250925 |
| Description | CVE-2026-2999(Remote Code Execution): Unauthenticated remote attackers can force the system to download arbitrary executable files from a remote source and execute them. CVE-2026-3000(Remote Code Execution): Unauthenticated remote attackers can force the system to download arbitrary DLL files from a remote source and execute them. |
| Solution | Contact the vendor to patch or download the patch from the official website. Link:https://www.changingtec.com/news_detail.jsp?item_id=348 |
| Credit | Linwz(DEVCORE) |
| Public Date | 2026-03-02 |
:::