CVE-2026-32680
Description
The installer of RATOC RAID Monitoring Manager for Windows allows the installation folder to be customized. If the installation folder is changed to a non-default one, the folder may be left with insecure ACLs, and non-administrative users can alter the contents of that folder. This may allow a non-administrative user to execute arbitrary code with SYSTEM privilege.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Installer of RATOC RAID Monitoring Manager leaves insecure ACLs on custom install folder, allowing non-admin users to escalate to SYSTEM.
Vulnerability
CVE-2026-32680 is an incorrect default permissions vulnerability (CWE-276) in the installer of RATOC RAID Monitoring Manager for Windows. When the installation folder is customized to a non-default location, the installer fails to apply secure access control lists (ACLs), leaving the folder writable by non-administrative users [1].
Exploitation
An attacker must have local access to the system and be able to write to the insecure folder. Since the folder is not properly secured, any non-administrative user can alter its contents, such as placing a malicious DLL or executable [1].
Impact
Successful exploitation allows a non-administrative user to execute arbitrary code with SYSTEM privileges, leading to full compromise of the affected system [1].
Mitigation
RATOC Systems has released a patched version (2.00.009.260220) that fixes the issue. Users should update to the latest version as recommended in the vendor advisory [2].
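An added example, not from the vendor advisory or the CVE record: a PowerShell audit that lists Allow ACEs granting write-type access to broad non-administrative groups on a customized install folder and everything beneath it. The `-InstallDir` parameter and the `Get-WeakAce` function name are assumptions made for this sketch; pass the folder that was chosen at install time.

```powershell
# Added example: flag ACEs that let non-administrative principals alter the
# contents of a customized install folder (the condition behind CVE-2026-32680).
param(
    # Assumption: placeholder parameter; supply the folder chosen during installation.
    [Parameter(Mandatory)][string]$InstallDir
)

# Well-known SIDs of broad, non-administrative principals (locale-independent).
$lowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Access-mask bits that permit changing contents or the ACL itself:
# WriteData, AppendData, DeleteChild, Delete, WriteDac, WriteOwner,
# plus GENERIC_WRITE and GENERIC_ALL as they appear on inherit-only ACEs.
$writeMask = 0x2 -bor 0x4 -bor 0x40 -bor 0x10000 -bor 0x40000 -bor 0x80000 `
             -bor 0x40000000 -bor 0x10000000

function Get-WeakAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # account name could not be resolved to a SID
        if (-not $lowPrivSids.ContainsKey($sid)) { continue }
        if (([int]$ace.FileSystemRights) -band $writeMask) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $lowPrivSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Check the folder itself and every file and subfolder under it.
$targets  = @($InstallDir) + @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force `
                -ErrorAction SilentlyContinue | ForEach-Object FullName)
$findings = $targets | ForEach-Object { Get-WeakAce -Path $_ }
if ($findings) { $findings | Format-Table -AutoSize; exit 1 }
Write-Output "No write-type ACEs for broad non-admin principals under $InstallDir"
```

The check reads Allow ACEs only and does not compute effective access, so Deny entries and grants to other custom groups need a manual look. Findings marked `Inherited = True` mean the permissive entry comes from the parent folder the custom location was created under.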
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- RATOC Systems, Inc. / RATOC RAID Monitoring Manager for Windows. Range: prior to 2.00.009.260220