Taiwan CERT warns of high-severity authentication flaw in WinMatrix agent (CVE-2026-6348) enabling system-level code execution

Posted on Author Steve Granger 0

Answer Brief

TWCERT/CC disclosed a high-severity “Missing Authentication” vulnerability in WinMatrix agent software from Da Yang Technology (達煬科技). The issue (CVE-2026-6348, TVN-202604001) affects WinMatrix agent versions 3.5.13 through 3.5.26.15 and could allow an already-authenticated local attacker to execute arbitrary code with SYSTEM privileges on the local host and other hosts in the same environment that have the agent installed. TWCERT/CC recommends updating to WinMatrix agent 3.5.27.5 or later.

Abstract depiction of an agent-based infrastructure topology with authentication gates and a highlighted high-risk path indicating potential system-level code execution impact across multiple hosts.

Executive Summary: TWCERT/CC disclosed a high-severity “Missing Authentication” vulnerability in WinMatrix agent software from Da Yang Technology (達煬科技). The issue (CVE-2026-6348, TVN-202604001) affects WinMatrix agent versions 3.5.13 through 3.5.26.15 and could allow an already-authenticated local attacker to execute arbitrary code with SYSTEM privileges on the local host and other hosts in the same environment that have the agent installed. TWCERT/CC recommends updating to WinMatrix agent 3.5.27.5 or later.

Why It Matters

This disclosure is operationally significant for infrastructure and security teams because WinMatrix is deployed as an “agent” across multiple machines, and the advisory explicitly states that a local attacker who has already passed authentication can leverage the missing-authentication condition to run arbitrary code as SYSTEM not only on the local machine but also across other hosts in the same environment where the agent is installed. That combination—agent-based footprint plus SYSTEM execution—can turn a single compromised endpoint into a broader environment-level problem.

While the CVSS vector indicates local attack requirements (AV:L) and that some privileges are needed (PR:L), TWCERT/CC’s description highlights the potential for high impact across confidentiality, integrity, and availability once exploited. For global organizations, Taiwan vulnerability notes are a useful early signal because Taiwanese vendors and products are frequently embedded in regional manufacturing, semiconductor, and enterprise IT supply chains. Even when a product is primarily deployed in Taiwan, multinational operations teams can inherit the risk through subsidiaries, contractors, or shared management tooling.

TWCERT/CC’s mitigation guidance is straightforward: upgrade WinMatrix agent to version 3.5.27.5 or later. No additional compensating controls or exploitation details are provided in the bulletin, so defenders should treat the upgrade as the authoritative fix pending any further vendor or CERT updates.

Event Type: security
Importance: high

Affected Companies

  • DEVCORE
  • TWCERT/CC
  • 達煬科技 (Da Yang Technology)

Affected Sectors

  • Cybersecurity
  • Endpoint / Systems Management
  • IT Infrastructure

Key Numbers

  • CVE: CVE-2026-6348
  • TVN ID: TVN-202604001
  • CVSS v3.1: 8.8 (High)
  • Affected versions: WinMatrix agent 3.5.13 to 3.5.26.15
  • Fixed version: 3.5.27.5 and later

Timeline

  1. TWCERT/CC published TVN-202604001 for CVE-2026-6348 (Missing Authentication) affecting WinMatrix agent.

Sources

Leave a Reply

Your email address will not be published. Required fields are marked *