CVE-2026-1680

EUVD-2026-5045
Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group membership restrictions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
danofficeitlocal_admin_service
1.2.7.23180
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://retest.dk/local-privilege-escalation-vulnerability-found-in-local-admin-service/
https://www.danofficeit.com/howwedoit/workplace/management/
https://retest.dk/local-privilege-escalation-vulnerability-found-in-local-admin-service/