PCTCore64.sys Improper Access Control Allows Local Privilege Escalation
CVE-2026-8501 Published on June 1, 2026

CVE-2026-8501
Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit this vulnerability to perform sensitive and privileged operations on the target system.

NVD

Vulnerability Analysis

CVE-2026-8501 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Exposed IOCTL with Insufficient Access Control

The software implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.

Affected Versions

Symantec PC Tools Internet Security Version * is affected by CVE-2026-8501

PCTCore64.sys Improper Access Control Allows Local Privilege EscalationCVE-2026-8501 Published on June 1, 2026

Vulnerability Analysis

Weakness Type

Exposed IOCTL with Insufficient Access Control

Affected Versions

PCTCore64.sys Improper Access Control Allows Local Privilege Escalation
CVE-2026-8501 Published on June 1, 2026