CVE-2026-1680 is a vulnerability classified under CWE-250 (Execution with Unnecessary Privileges) affecting Edgemo (Danoffice IT) Local Admin Service version 1.2.7.23180 on Windows platforms. The flaw arises from improper access control in the Windows Communication Foundation (WCF) endpoint exposed by the LocalAdminService.exe process. Specifically, a local user can communicate directly with the named pipe used by the Local Admin Service, bypassing client-side group membership checks that are intended to restrict access. This allows the attacker to escalate their privileges from a standard local user to a local administrator without requiring prior administrative rights or user interaction. The vulnerability is exploitable locally, with low attack complexity, and does not require authentication beyond local user access. The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y) reflects a high severity due to the potential for complete compromise of the affected system's confidentiality, integrity, and availability. Although no public exploits are known, the vulnerability poses a significant risk in environments where Edgemo Local Admin Service is deployed, especially in enterprise or critical infrastructure settings. The lack of a patch link suggests that remediation may require vendor engagement or workaround implementation. The vulnerability's exploitation could allow attackers to install malware, alter system configurations, or move laterally within a network.

For European organizations, this vulnerability presents a serious risk of local privilege escalation on Windows systems running Edgemo Local Admin Service 1.2.7.23180. Successful exploitation can lead to attackers gaining administrative control over affected machines, enabling them to execute arbitrary code with elevated privileges, install persistent malware, and compromise sensitive data. This can disrupt business operations, lead to data breaches, and facilitate further network penetration. Organizations in sectors such as finance, government, healthcare, and critical infrastructure are particularly vulnerable due to the potential impact on confidentiality and availability of critical systems. The vulnerability also increases the risk of insider threats or attacks originating from compromised local accounts. Given the ease of exploitation and high impact, failure to address this vulnerability could result in significant operational and reputational damage.

1. Immediately restrict access to the LocalAdminService.exe named pipe by applying strict Access Control Lists (ACLs) to prevent unauthorized local users from communicating with the service. 2. Disable or uninstall the Edgemo Local Admin Service if it is not essential for business operations. 3. Engage with Danoffice IT to obtain patches or updates addressing CVE-2026-1680; monitor vendor advisories for forthcoming fixes. 4. Implement application whitelisting and endpoint protection solutions to detect and block unauthorized attempts to interact with the named pipe or escalate privileges. 5. Conduct regular audits of local user privileges and monitor for unusual local privilege escalation attempts in Windows event logs. 6. Employ network segmentation and least privilege principles to limit the impact of compromised local accounts. 7. Educate system administrators and users about the risks of local privilege escalation and enforce strict control over local user accounts.