CVE-2026-39454

Summary

SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be executed with the administrative privilege.

Affected Software

VendorProductVersion RangeStatus
Sky Co.,LTD.SKYSEA Client ViewVer.21.200.07j and earlieraffected
Sky Co.,LTD.SKYMEC IT ManagerVer.2024.005.10a and earlieraffected

Weaknesses

  • CWE-276: Incorrect default permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References