【Vulnerability Alert】Data Systems Technology | WinMatrix - Missing Authentication

publish date : 2026-04-24 update date : 2026-04-27

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2026041709041414 Publication Time 2026/04/17 09:13
Incident Type ANA-Vulnerability Alert Discovery Time 2026/04/17 09:13
Impact Level Low  
[Subject]
【Vulnerability Alert】Data Systems Technology | WinMatrix - Missing Authentication
[Content]
Forwarded from TWCERTCC-200-202604-00000014

【Data Systems Technology | WinMatrix - Missing Authentication】(CVE-2026-6348, CVSS: 8.8) The WinMatrix agent program developed by Data Systems Technology contains a Missing Authentication vulnerability. An authenticated local attacker may exploit this vulnerability to execute arbitrary code with system privileges on the local machine and on all hosts within the environment where the agent program is installed.


(Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]

WinMatrix agent versions 3.5.13 through 3.5.26.15
[Recommended Actions]

Please update the agent program to version 3.5.27.5 or later.
[Reference]
1. https://www.twcert.org.tw/tw/cp-132-10839-2d9a7-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center