Skip to main content

Arubasign

1 CVEs product

Monthly

CVE-2026-12602 HIGH PATCH This Week

Local privilege escalation in ArubaSign prior to v4.6.6 stems from overly permissive ACLs applied at installation, granting the 'Everyone' group write access to the main executable and supporting files under C:\Program Files. An unprivileged local user can swap these binaries for malicious payloads that subsequently execute under the privileges of any user (potentially Administrator or SYSTEM) who later launches the application. No public exploit identified at time of analysis and the issue is not on CISA KEV.

RCE Privilege Escalation Arubasign
NVD
CVSS 4.0
8.8
EPSS
0.1%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation in ArubaSign prior to v4.6.6 stems from overly permissive ACLs applied at installation, granting the 'Everyone' group write access to the main executable and supporting files under C:\Program Files. An unprivileged local user can swap these binaries for malicious payloads that subsequently execute under the privileges of any user (potentially Administrator or SYSTEM) who later launches the application. No public exploit identified at time of analysis and the issue is not on CISA KEV.

RCE Privilege Escalation Arubasign
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy