Published:2026/02/27 Last Updated:2026/02/27
JVN#41357120
Improper file access permission settings in the installers for multiple Soliton Systems products
Overview
The installers for multiple products provided by Soliton Systems K.K. are configured with improper file access permission settings.
Products Affected
- Soliton SecureBrowser for OneGate V1.0.0
- Soliton SecureBrowser II V2.0.0 to V2.0.14
- Soliton SecureWorkspace (formerly WrappingBox) V1.0.0 to V1.4.7
Description
The installers for multiple products provided by Soliton Systems K.K. contain the following vulnerability.
- Incorrect default permissions (CWE-276)
- CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 5.4
- CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Base Score 6.7
- CVE-2026-27653
Impact
Arbitrary code may be executed with SYSTEM privileges.
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Soliton Systems K.K. | Vulnerable | 2026/02/27 | Soliton Systems K.K. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2026-27653 |
| JVN iPedia |
JVNDB-2026-000031 |