Skip to main content

Skysea Client View EUVDEUVD-2026-23793

| CVE-2026-39454 HIGH
Incorrect Default Permissions (CWE-276)
2026-04-20 jpcert
8.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.5 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Analysis Updated
Apr 20, 2026 - 09:42 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 20, 2026 - 09:37 vuln.today
cvss_changed
CVSS changed
Apr 20, 2026 - 09:37 NVD
7.8 (HIGH) 8.5 (HIGH)
Analysis Generated
Apr 20, 2026 - 08:58 vuln.today
EUVD ID Assigned
Apr 20, 2026 - 08:45 euvd
EUVD-2026-23793
Analysis Generated
Apr 20, 2026 - 08:45 vuln.today
CVE Published
Apr 20, 2026 - 08:04 nvd
HIGH 8.5

DescriptionCVE.org

SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be executed with the administrative privilege.

AnalysisAI

Local privilege escalation in SKYSEA Client View (≤21.200.07j) and SKYMEC IT Manager (≤2024.005.10a) allows low-privileged users to execute arbitrary code with administrative privileges by exploiting insecure installation folder permissions. Attackers can write malicious files into the product directory, achieving full system compromise. EPSS score of 0.01% (2nd percentile) indicates low likelihood of widespread exploitation despite CVSS 8.5 severity. No active exploitation confirmed; CISA SSVC assessment marks exploitation status as 'none' and automatable as 'no', suggesting targeted attack potential rather than mass exploitation risk.

Technical ContextAI

SKYSEA Client View and SKYMEC IT Manager are enterprise endpoint management solutions from Sky Co., Ltd., used primarily in Japanese corporate environments for client device control and IT asset management. The vulnerability stems from CWE-276 (Incorrect Default Permissions), where the products' installation directories are configured with overly permissive Access Control Lists (ACLs) during deployment. Windows file system security typically restricts Program Files directories to administrative access only, but these products fail to properly lock down their installation folders. This allows non-administrative users with local interactive logon (PR:L) to write executable files, DLLs, or configuration files into protected directories. When the legitimate service or application runs with SYSTEM or administrative privileges, it may load the attacker-controlled files, resulting in elevation of privilege. The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N) confirms local attack vector with low complexity and no additional conditions beyond low-privilege access, making this a classic DLL hijacking or binary planting scenario.

RemediationAI

Upgrade to SKYSEA Client View version 21.200.08j or later, and SKYMEC IT Manager version 2024.005.11a or later (specific patched versions should be confirmed with Sky Co., Ltd. via https://www.skyseaclientview.net/news/260420_01/). The vendor advisory published April 2026 provides detailed update instructions. If immediate patching is not feasible, apply compensating controls: manually restrict NTFS permissions on the product installation directories (typically C:\Program Files\SKYSEA Client View and C:\Program Files\SKYMEC IT Manager) to allow only SYSTEM and Administrators groups full control, removing Modify/Write permissions for the Users group. Use ICACLS commands or Group Policy to enforce restrictive ACLs: icacls "C:\Program Files\SKYSEA Client View" /inheritance:d /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" "Users:(OI)(CI)RX". Note this workaround may interfere with product updates or self-service features requiring user-level write access. Monitor installation directories with file integrity monitoring (FIM) tools to detect unauthorized file modifications. Implement strict least-privilege access controls and monitor for unusual local privilege escalation attempts via Windows Event IDs 4672 and 4688.

Share

EUVD-2026-23793 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy