Auth bypass in Quanos Solutions Gmbh Schema St4
CVE-2026-11858
Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient acces…
Vulnerability class: Broken Access Control
Affected products
- Quanos Solutions Gmbh Schema St4 — versions SCHEMA ST4 on-premises, all versions
Weakness classification (CWE)
References
- 551230f0-3615-47bd-b7cc-93e92e730bbf (third-party-advisory)