Denial of Service vulnerability in Safetica Client via kernel driver ProcessMonitorDriver.sys

✍️ Applies to: Devices running Safetica Client for Windows

Vulnerability overview

Safetica identified a Denial of Service vulnerability in Safetica Client for Windows caused by an exploitable IOCTL (Input/Output Control) path in the kernel driver ProcessMonitorDriver.sys.

An unprivileged user can abuse this IOCTL path to terminate protected system processes, including Safetica’s own detection and response processes and antivirus processes. This can blind security monitoring on the affected machines.

  • CVE: CVE-2026-0828
  • Severity (CVSS score): 8.2
  • Exploitability: local only (cannot be exploited remotely)
  • Affected deployments: Safetica on-premises and cloud-hosted Safetica

What an attacker could achieve

A threat actor can use the vulnerable IOCTL path to terminate processes repeatedly. This could lead to a Denial of Service (DoS) attack and render Safetica’s systems unavailable.

Remediation

Please update to one of the fixed Safetica versions as soon as possible, preferably to the latest Cumulative release.

Affected and fixed Safetica versions

| Safetica | Affected versions | Fixed from version |
|---|---|---|
| Safetica 11 – Cumulative release | < 11.26.19 | 11.26.19 and newer |
| Safetica 11 – Feature release | < 11.29.8 | 11.29.8 and newer |
| Safetica 10 | < 10.5.150 | 10.5.150 and newer |
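
The version table above can be applied to a client inventory with a short script. This is an added example, not Safetica code: the function names, the (hostname, version, release line) row layout and the sample hosts are assumptions, and only the version thresholds come from the table.

```python
import re

# First fixed version per release line, copied from the advisory table.
FIXED_10 = (10, 5, 150)
FIXED_11_CUMULATIVE = (11, 26, 19)
FIXED_11_FEATURE = (11, 29, 8)

def parse_version(text):
    """Return (major, minor, patch), or None if text is not a dotted version.
    A fourth build component, if present, is ignored (assumption)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.\d+)?", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def triage(version, line=None):
    """Classify one client version against the table.
    line is 'cumulative', 'feature' or None (unknown); it matters only for
    Safetica 11 versions that sit between the two fixed versions."""
    v = parse_version(version)
    if v is None:
        return "unparseable"
    if v[0] == 10:
        return "affected" if v < FIXED_10 else "fixed"
    if v[0] != 11:
        return "not-listed"            # the advisory lists only Safetica 10 and 11
    if v < FIXED_11_CUMULATIVE:
        return "affected"              # below the fix on both Safetica 11 lines
    if v >= FIXED_11_FEATURE:
        return "fixed"                 # at or above the fix on both lines
    if line == "cumulative":
        return "fixed"
    if line == "feature":
        return "affected"
    return "needs-release-line"        # cannot decide without knowing the line

def triage_inventory(rows):
    """rows: iterable of (hostname, version, line). Returns every host that is
    not confirmed fixed, so unknown and unparseable entries are not dropped."""
    pending = []
    for host, version, line in rows:
        status = triage(version, line)
        if status != "fixed":
            pending.append((host, version, status))
    return pending

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [("ws-001", "11.26.18", "cumulative"), ("ws-002", "11.26.19", "cumulative"),
          ("ws-003", "11.28.4", "feature"), ("ws-004", "11.27.1", None),
          ("ws-005", "10.5.149", None), ("ws-006", "11.29.8", "feature"),
          ("ws-007", "n/a", None)]

if __name__ == "__main__":
    for host, version, status in triage_inventory(SAMPLE):
        print(f"{host}\t{version}\t{status}")
```
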

The fix is already available in the following Safetica versions.

There are two options for updating: 

  • We recommend updating via the XML. Learn how to perform the update here
  • To update via the Universal Installer, run the installer, select Manual installation, and choose to install Safetica Management Service. 

 

Recommended: Cumulative release 11.26.19

 

If you are using a Feature release, update to 11.29.8

If you are still using Safetica 10.5.x, update to 10.5.150: