CVE-2026-27788
Description
Local authenticated attacker can elevate to SYSTEM via incorrect file permission assignment in ServerView Agents for Windows V11.60.04 and earlier.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An incorrect permission assignment for a critical resource (CWE-732) exists in Fujitsu ServerView Agents for Windows V11.60.04 and earlier. The installer sets inappropriate file access permissions, and a low-privileged local user can leverage the resulting ACLs to execute arbitrary code with SYSTEM privileges. The vulnerability affects only the Agents product, not the Agentless Service. [1][2]
Exploitation
An attacker must have local access to the server and be able to log in with a standard user account. No additional authentication or user interaction is required. The attacker exploits the weak file permissions on a critical resource (e.g., a service executable or configuration file) by replacing or manipulating it, causing the ServerView Agent service to execute the attacker's code in the context of SYSTEM. [1][2]
Impact
Successful exploitation grants the attacker full SYSTEM privileges on the affected Windows server. This leads to complete compromise of confidentiality, integrity, and availability of the host (CVSS 3.0 base score 7.8 for the incorrect permission issue). The attacker can then install programs, view/change/delete data, or create new accounts with full user rights. [1][2]
Mitigation
The vendor released ServerView Agents for Windows V11.70.06 on 2026-05-29 to fix this vulnerability. Users should update immediately via the Fujitsu product support page. As a workaround until the update can be applied, the vendor recommends following the advisory's steps (e.g., restricting access to the Agent installation directory). The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of publication. [1]
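To check whether a host shows the kind of weak ACLs described above, the following read-only PowerShell audit lists write-capable Allow entries held by broad low-privileged principals under the Agent installation directory. It is an added example, not taken from the vendor advisory; the directory path is a placeholder because this page does not state it, and the SID list is an assumption about what counts as a standard user.

```powershell
# Added example: list ACEs that let broad, low-privileged principals modify
# files under a directory. Read-only; it changes no permissions.
param(
    # Placeholder (assumption): the page does not state the install path.
    [string]$AgentDir = 'C:\PLACEHOLDER\ServerView-Agents-install-dir'
)

# Assumption: these well-known SIDs stand in for "standard user" access.
# Domain or local groups specific to your environment are not covered.
$lowPrivSids = @(
    'S-1-1-0',      # Everyone
    'S-1-5-11',     # Authenticated Users
    'S-1-5-4',      # INTERACTIVE
    'S-1-5-32-545'  # BUILTIN\Users
)

# Rights that allow replacing a file, planting a new one, or rewriting the ACL.
$R = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($R::WriteData -bor $R::AppendData -bor $R::Delete -bor
    $R::DeleteSubdirectoriesAndFiles -bor $R::ChangePermissions -bor
    $R::TakeOwnership)
# Generic bits can appear unmapped on inherit-only ACEs.
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000  # GENERIC_WRITE, GENERIC_ALL

if (-not (Test-Path -LiteralPath $AgentDir)) {
    throw "Directory not found: $AgentDir"
}

$sidType = [System.Security.Principal.SecurityIdentifier]
$items = @(Get-Item -LiteralPath $AgentDir -Force) +
         @(Get-ChildItem -LiteralPath $AgentDir -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPrivSids -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $item.FullName
            Sid       = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}
$findings | Sort-Object Path | Format-Table -AutoSize -Wrap
```

Run it from an elevated session so every ACL can be read; an empty result only means none of the listed SIDs holds a write-capable entry.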
AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (2)
News mentions
No linked articles in our index yet.