CVE-2026-9490
CWE-269Published: May 25, 2026· Updated: May 26, 2026
Official Description
A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message (message type 0x03) to the pipe, causing the service to crash with exit code 1067 (ERROR_PROCESS_ABORTED). To mitigate this potential local service disruption, Acer requires users to update the software to the latest version.
Technical Analysis
CVE-2026-9490 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
All References (1)
Quick Facts
Related CVEs (CWE-269)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-9490 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts