Securebrowser For Onegate
CVE-2026-27653
MEDIUM
Severity by source
AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges.
AnalysisAI
Soliton Systems installers for Securebrowser For Onegate, Secureworkspace, and Securebrowser II fail to set proper file permissions during installation, enabling local authenticated users to execute arbitrary code with SYSTEM privileges. An attacker with user-level access can exploit this misconfiguration to achieve full system compromise. No patch is currently available.
Technical ContextAI
Classified as CWE-276 (Incorrect Default Permissions). The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today