Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for securebrowser_for_onegate by soliton

    CVE-2026-27653 (GCVE-0-2026-27653)

    Vulnerability from nvd – Published: 2026-02-27 05:39 – Updated: 2026-02-27 18:52
    VLAI
    Summary
    The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect default permissions
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27653",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-27T18:52:19.042391Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-27T18:52:30.918Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Soliton SecureBrowser for OneGate",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.0.0"
                }
              ]
            },
            {
              "product": "Soliton SecureBrowser II",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V2.0.0 to V2.0.14"
                }
              ]
            },
            {
              "product": "Soliton SecureWorkspace (formerly WrappingBox)",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.0.0 to V1.4.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "Incorrect default permissions",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-27T05:39:54.060Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.soliton.co.jp/support/2026/006679.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN41357120/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-27653",
        "datePublished": "2026-02-27T05:39:54.060Z",
        "dateReserved": "2026-02-25T04:39:12.761Z",
        "dateUpdated": "2026-02-27T18:52:30.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27653 (GCVE-0-2026-27653)

    Vulnerability from cvelistv5 – Published: 2026-02-27 05:39 – Updated: 2026-02-27 18:52
    VLAI
    Summary
    The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect default permissions
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27653",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-27T18:52:19.042391Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-27T18:52:30.918Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Soliton SecureBrowser for OneGate",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.0.0"
                }
              ]
            },
            {
              "product": "Soliton SecureBrowser II",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V2.0.0 to V2.0.14"
                }
              ]
            },
            {
              "product": "Soliton SecureWorkspace (formerly WrappingBox)",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.0.0 to V1.4.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "Incorrect default permissions",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-27T05:39:54.060Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.soliton.co.jp/support/2026/006679.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN41357120/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-27653",
        "datePublished": "2026-02-27T05:39:54.060Z",
        "dateReserved": "2026-02-25T04:39:12.761Z",
        "dateUpdated": "2026-02-27T18:52:30.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }