CVE-2026-35099: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in Lakeside Software SysTrack Agent
Lakeside SysTrack Agent 11 before 11.5.0.15 has a race condition with resultant local privilege escalation to SYSTEM. The fixed versions are 11.2.1.28, 11.3.0.38, 11.4.0.24, and 11.5.0.15.
AI Analysis
Technical Summary
CVE-2026-35099 is a race condition vulnerability, categorized under CWE-362, in the Lakeside Software SysTrack Agent prior to version 11.5.0.15. It arises from improper synchronization of concurrent access to shared resources within the agent and allows a local attacker to escalate privileges to SYSTEM. The SysTrack Agent is a widely used endpoint monitoring and analytics tool deployed in enterprise environments for IT operations and user experience management. An attacker with local access to the system can trigger concurrent operations that interfere with each other, leading to a state where privilege escalation is possible. The CVSS v3.1 base score is 7.4, reflecting high severity due to the potential for complete system compromise (confidentiality, integrity, and availability impacts are all high). The attack complexity is high, requiring specific conditions and timing, and no user interaction is needed. The vulnerability does not require prior privileges, making it more dangerous if local access is obtained. Fixed versions have been released across multiple branches (11.2.1.28, 11.3.0.38, 11.4.0.24, and 11.5.0.15), and no public exploit code or active exploitation has been reported. This vulnerability highlights the risks of concurrency issues in endpoint agents that run with elevated privileges.
Potential Impact
If exploited, this vulnerability allows a local attacker to gain SYSTEM-level privileges on affected endpoints, effectively compromising the entire system. This can lead to unauthorized access to sensitive data, manipulation or deletion of critical files, installation of persistent malware, and disruption of endpoint monitoring capabilities. Given the agent’s role in enterprise IT environments, successful exploitation could undermine security monitoring and incident response efforts, potentially allowing attackers to operate undetected. The high severity score reflects the broad impact on confidentiality, integrity, and availability. Organizations relying on SysTrack Agent for endpoint analytics and monitoring face increased risk of insider threats or lateral movement by attackers who gain local access. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially in environments where local access controls are weak or compromised.
Mitigation Recommendations
Organizations should immediately verify the version of SysTrack Agent deployed and upgrade to the fixed versions (11.2.1.28, 11.3.0.38, 11.4.0.24, or 11.5.0.15) as appropriate. In addition to patching, implement strict local access controls to limit who can log into endpoints, including enforcing least privilege principles and using multi-factor authentication for local accounts. Employ endpoint detection and response (EDR) solutions to monitor for suspicious local activity indicative of privilege escalation attempts. Conduct regular audits of installed software versions and configuration management to ensure timely application of security updates. Where patching is delayed, consider temporarily disabling or restricting the SysTrack Agent service if feasible, or isolating affected systems to reduce exposure. Educate IT staff about the risks of race conditions and encourage secure coding and testing practices for concurrency issues in internal software development. Finally, maintain robust incident response plans to quickly detect and respond to potential exploitation attempts.
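The version check recommended above, as an added example (not Lakeside's code and not part of the original advisory): it classifies agent builds from an inventory export against the fixed versions listed on this page. It assumes four-part version strings and that a release branch is identified by major.minor; the hostnames and builds are constructed sample data.

```python
# Fixed build per release branch, taken from the advisory text.
# Assumption: a branch is identified by its major.minor pair.
FIXED = {
    (11, 2): (11, 2, 1, 28),
    (11, 3): (11, 3, 0, 38),
    (11, 4): (11, 4, 0, 24),
    (11, 5): (11, 5, 0, 15),
}

def parse_version(text):
    """Parse 'a.b.c.d' into a 4-tuple of ints; raise ValueError if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Return 'fixed', 'vulnerable', 'out-of-scope' or 'unparseable'."""
    try:
        v = parse_version(version_text)
    except ValueError:
        return "unparseable"      # needs manual review, never assume safe
    if v[0] != 11:
        return "out-of-scope"     # the advisory only covers Agent 11
    if v >= FIXED[(11, 5)]:
        return "fixed"            # 11.5.0.15 or any later 11.x build
    branch_fix = FIXED.get(v[:2])
    if branch_fix is not None and v >= branch_fix:
        return "fixed"            # back-ported fix on an older branch
    # Below the branch fix, or on a branch with no listed fix (11.0, 11.1).
    return "vulnerable"

def audit(inventory):
    """Group hostnames by status; inventory yields (host, version) pairs."""
    report = {}
    for host, version in inventory:
        report.setdefault(classify(version), []).append(host)
    return report

# Constructed sample inventory (hostnames and builds are made up).
SAMPLE = [
    ("ws-001", "11.2.1.27"), ("ws-002", "11.2.1.28"), ("ws-003", "11.4.0.24"),
    ("ws-004", "11.5.0.14"), ("ws-005", "11.1.3.2"), ("ws-006", "10.9.0.1"),
    ("ws-007", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in sorted(audit(SAMPLE).items()):
        print(f"{status:12} {', '.join(hosts)}")
```

Hosts reported as `unparseable` should be treated as unverified and checked by hand rather than counted as patched.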
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, India, Netherlands, Sweden, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2026-04-01T15:39:51.020Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69cd69c0e6bfc5ba1deb926c
Added to database: 4/1/2026, 6:53:52 PM
Last enriched: 4/1/2026, 7:08:26 PM
Last updated: 4/6/2026, 8:22:20 AM