NETWRIX has addressed critical vulnerabilities in its Password Secure software, with the most severe flaw allowing authenticated attackers to execute remote code, rated CVSS 3.1 9.9. The vulnerabilities stem from insufficient authorization checks and affect all versions prior to 26.6.100, which is now the recommended version to mitigate these risks. No ongoing exploitation has been reported, but organizations are urged to update immediately due to the potential for extensive credential compromise. Full details can be found in the official security advisory (ADV-2026-008).
Netwrix patches RCE bug in Password Secure before 26.6.100
CyberSIXT Evidence Panel
Primary Source
community.netwrix.com
Article by CyberSIXT