CVE-2026-23648
HIGHCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Tags
Description
Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions. Several binaries executed by the root user are writable and executable by unprivileged local users. An attacker with local access can replace or modify these binaries to execute arbitrary commands with root privileges, enabling local privilege escalation.
Analysis
Improper file permissions on system binaries in Glory RBG-100 recycler systems running ISPK-08 software allow local attackers to overwrite root-owned executables and achieve privilege escalation. An unprivileged user with local access can modify these world-writable binaries to execute arbitrary commands with root privileges. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all Glory RBG-100 recycler systems in your environment and their network connectivity status. Within 7 days: Implement compensating controls including restricted physical access to affected devices, network isolation where feasible, and enhanced audit logging of system access attempts. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today