anonhaven
Ad

CVE-2026-27653

MEDIUM CVSS 4.0: 5.4 EPSS 0.01%
Updated Mar 17, 2026
Soliton
Parameter Value
CVSS 5.4 (MEDIUM)
Affected Versions 1.0.0 — 2.0.15
Fixed In 2.0.15
Type CWE-863 (Incorrect Authorization), CWE-276
Vendor Soliton
Public PoC No

The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Attack Requirements
Present
Additional conditions required
Privileges Required
Low
Basic privileges needed
User Interaction
Passive
Minimal interaction

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-863 Incorrect Authorization
CWE-276

Vulnerable Products 3

Configuration From (including) Up to (excluding)
Soliton Securebrowser_For_Onegate
cpe:2.3:a:soliton:securebrowser_for_onegate:1.0.0:*:*:*:*:windows:*:*
Soliton Securebrowser_Ii
cpe:2.3:a:soliton:securebrowser_ii:*:*:*:*:*:windows:*:*
 2.0.0 2.0.15
Soliton Secureworkspace
cpe:2.3:a:soliton:secureworkspace:*:*:*:*:*:*:*:*
 1.0.0 1.4.8

References 2

https://jvn.jp/en/jp/JVN41357120/
vultures@jpcert.or.jp
https://www.soliton.co.jp/support/2026/006679.html
vultures@jpcert.or.jp
Share Post Share Share Share