Is Skysea Client View affected by CVE-2026-39454?

SKYSEA Client View and SKYMEC IT Manager contain a local privilege escalation vulnerability (CVSS 8.5) that allows standard users to gain administrative control over affected systems by exploiting weak file permissions in the product installation directory.

Skysea Client View CVE-2026-39454

EUVD-2026-23793 HIGH

Incorrect Default Permissions (CWE-276)

2026-04-20 jpcert

Privilege Escalation RCE Skysea Client View Skymec It Manager

8.5

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Apr 20, 2026 - 09:42 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 20, 2026 - 09:37 vuln.today

cvss_changed

CVSS changed

Apr 20, 2026 - 09:37 NVD

7.8 (HIGH) 8.5 (HIGH)

Analysis Generated

Apr 20, 2026 - 08:58 vuln.today

DescriptionNVD

SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be executed with the administrative privilege.

AnalysisAI

Local privilege escalation in SKYSEA Client View (≤21.200.07j) and SKYMEC IT Manager (≤2024.005.10a) allows low-privileged users to execute arbitrary code with administrative privileges by exploiting insecure installation folder permissions. Attackers can write malicious files into the product directory, achieving full system compromise. …

RemediationAI

Within 24 hours: Identify all systems running SKYSEA Client View ≤21.200.07j or SKYMEC IT Manager ≤2024.005.10a using asset discovery tools. Within 7 days: Implement file permission hardening on installation directories (restrict write access to SYSTEM/Administrator accounts only) and enable local privilege escalation monitoring via endpoint detection and response (EDR) tools. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-39454 vulnerability details – vuln.today

Back

Skysea Client View CVE-2026-39454

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Skysea Client View CVE-2026-39454

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code