Cve-2026-35099 — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/tags/cve-2026-35099/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioWed, 01 Apr 2026 16:23:50 +0000Lakeside SysTrack Agent Local Privilege Escalation via Race Condition (CVE-2026-35099)https://feed.craftedsignal.io/briefs/2026-04-lakeside-systrack-lpe/Wed, 01 Apr 2026 16:23:50 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-lakeside-systrack-lpe/Lakeside SysTrack Agent 11 before 11.2.1.28 is vulnerable to a race condition that allows for local privilege escalation to SYSTEM, as tracked by CVE-2026-35099.Lakeside SysTrack Agent, a system monitoring tool, contains a local privilege escalation vulnerability. Specifically, versions of Agent 11 prior to 11.2.1.28 are susceptible to a race condition (CWE-362) that can be exploited by a local attacker to gain SYSTEM privileges. This vulnerability, identified as CVE-2026-35099, allows an attacker with limited privileges to execute arbitrary code with the highest level of permissions on the system. Successful exploitation could lead to complete system compromise, data theft, and other malicious activities. Organizations using vulnerable versions of the SysTrack Agent should upgrade to the patched version (11.2.1.28) as soon as possible.

Attack Chain

  1. The attacker gains initial local access to the target system, possibly through phishing or social engineering.
  2. The attacker identifies the presence of a vulnerable Lakeside SysTrack Agent version (prior to 11.2.1.28).
  3. The attacker crafts a malicious executable or script designed to trigger the race condition within the SysTrack Agent.
  4. The attacker executes the malicious code, which attempts to manipulate shared resources concurrently with the SysTrack Agent.
  5. The race condition is successfully triggered, allowing the attacker to overwrite critical system files or inject malicious code into the SysTrack Agent’s process.
  6. Due to the race condition, the SysTrack Agent executes the attacker’s injected code with SYSTEM privileges.
  7. The attacker leverages SYSTEM privileges to install a backdoor, create new administrative accounts, or perform other malicious activities.
  8. The attacker achieves persistent SYSTEM-level access, enabling them to control the compromised system remotely.

Impact

Successful exploitation of CVE-2026-35099 allows an attacker to escalate privileges from a normal user to SYSTEM on a vulnerable Windows system. This gives the attacker complete control over the system, potentially leading to data breaches, malware installation, or denial of service. Given the nature of system monitoring agents, a successful compromise can provide deep insights into the organization’s environment.

Recommendation

]]>highadvisorylakesidesystrackprivilege-escalationrace-conditioncve-2026-35099windows