In a brief statement released to channel partners on April 29, 2026, IDEMIA (which manages the Sagem legacy product line) said:
“IDEMIA has released an updated driver for the Sagem Compact Biometric Module to address a potential local privilege escalation vulnerability. Customers are strongly advised to apply driver version 3.3.0 as soon as possible. No remote exploitation vector has been identified, but physical or logged-in access to the terminal could be abused. There is no evidence of active exploitation in the wild at this time.”
The “no active exploitation” caveat is standard but should not delay patching. As soon as a patch is public, threat actors reverse-engineer it and build exploits for unpatched systems.
Given that biometric drivers are critical to physical security, deploy in phases:
For system administrators:
If you cannot patch immediately, apply this workaround: Disable the Sagem CBM driver via Group Policy (Device Installation Restrictions) until the patch can be tested.
Assuming you have the patched files (.sys, .inf, .cat):
Install via Device Manager:
Verify:
Not every Sagem CBM installation is vulnerable. The issue impacts systems where:
Organizations using Sagem CBM in kiosk mode (e.g., airport automated border control gates) should pay immediate attention, as these devices are physically accessible to the public, though often enclosed in hardened cases. A malicious actor with USB access to the internal computer (via maintenance ports) could exploit the unpatched driver.
To verify you have the patched version:
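One way to run this check from PowerShell, as an added example that is not IDEMIA's or the original page's code: it compares the installed driver version against 3.3.0 and reports the signature status of the staged .cat and .sys files. The device name pattern and the staging folder are assumptions to adjust for your environment.

```powershell
# Added example, not vendor code. $NamePattern and $StagingDir are assumed placeholders.
$NamePattern  = 'Sagem|IDEMIA'          # assumption: match what Device Manager shows
$StagingDir   = 'C:\Staging\SagemCBM'   # placeholder: folder holding the .sys/.inf/.cat
$FixedVersion = [version]'3.3.0'        # fixed version named in the vendor statement

function Test-DriverPatched {
    param([string]$DriverVersion, [version]$Minimum)
    $parsed = $null
    # Unparseable or empty version strings are treated as not patched.
    if (-not [version]::TryParse($DriverVersion, [ref]$parsed)) { return $false }
    return $parsed -ge $Minimum
}

# 1. Installed drivers: version and signer as recorded by Windows.
Get-CimInstance -ClassName Win32_PnPSignedDriver |
    Where-Object { "$($_.DeviceName) $($_.Manufacturer) $($_.DriverProviderName)" -match $NamePattern } |
    ForEach-Object {
        [pscustomobject]@{
            Device  = $_.DeviceName
            Inf     = $_.InfName
            Version = $_.DriverVersion
            Signer  = $_.Signer
            Patched = Test-DriverPatched -DriverVersion $_.DriverVersion -Minimum $FixedVersion
        }
    } | Format-Table -AutoSize

# 2. Staged package: Authenticode status of the catalog and binary before installing.
if (Test-Path -Path $StagingDir) {
    Get-ChildItem -Path $StagingDir -Include *.cat, *.sys -Recurse |
        Get-AuthenticodeSignature |
        Select-Object Path, Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } } |
        Format-List
}
```

Judge the staged package by the .cat result: a .sys that is signed only through its catalog can report `NotSigned` before the package is installed.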
For years, vendors marketed biometrics as unbreakable. This patch demonstrates that the chain of trust – from sensor to driver to OS – is only as strong as its weakest link. A driver vulnerability completely nullifies the sophistication of the sensor hardware.
The patch is not hosted on official repositories, but it’s available through:
I will not link directly here, but a quick search using the exact phrase sagem_compact_patched_2024.zip should yield results from hardware preservation forums.