The Quest team has been made aware of a vulnerability involving the KACE System Management Agent product:
Vulnerability found and reported by Tom Norfolk (AJ Bell).
Quest takes handling of vulnerabilities seriously, and we investigate and respond to all reported potential vulnerabilities. Our vulnerability reporting and response process can be found here .
CVE-2025-26850 vulnerability exists within Quest KACE Systems Management Appliance (SMA) agent through 14.1 which could potentially allow privilege escalation on the KACE SMA Agent managed systems.
The KACE SMA vulnerabily reported under CVE-2025-26850 is resolved in the KACE SMA Agent versions 14.0.97 and 14.1.19.
Please get the latest agent version available for download at the support portal or using the automatic update through your KACE SMA adminui Settings | Provisioning | Update Agents. If the update does not show available for your appliance, please see: KACE Auto Update does not find the automatic update but the release can be found on the download page
