CVE-2026-28267

Summary

Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user.

Affected Software

VendorProductVersion RangeStatus
Digital Arts Inc.i-フィルター 10 (Windows version only)prior to Ver.10.02.00affected
Digital Arts Inc.i-フィルター 6.0prior to Ver.6.00.57affected
Digital Arts Inc.i-フィルター for ネットカフェprior to Ver.6.10.57affected
Digital Arts Inc.i-フィルター for マルチデバイス (Windows version only)prior to Ver.6.00.57affected
Digital Arts Inc.i-フィルター for ZAQ (Windows version only)prior to Ver.6.00.57affected
Digital Arts Inc.i-フィルター for プロバイダーprior to Ver.2.00.30affected
Digital Arts Inc.i-FILTER ブラウザー&クラウド MultiAgent for Windowsprior to Ver.4.93R13affected
Digital Arts Inc.DigitalArts@Cloud Agent (for Windows)prior to Ver.1.70R01affected
OPTiM CorporationOptimal Biz Web Filtering Powered by i-FILTER (Windows version)prior to 4.93R13affected
Inventit Inc.MobiConnect i-FILTER Browser Option MultiAgent for Windowsprior to Ver.4.93R13affected
Fujitsu Limitedi-FILTER Browser & Cloud MultiAgent for Windowsprior to Ver.4.93R13affected

Weaknesses

  • CWE-276: Incorrect default permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References