{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24016", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-01-20T05:13:56.618Z", "datePublished": "2026-01-21T07:19:03.236Z", "dateUpdated": "2026-02-24T14:51:46.137Z"}, "containers": {"cna": {"affected": [{"vendor": "Fsas Technologies Inc.", "product": "ServerView Agents for Windows", "versions": [{"version": "V11.50.06 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed."}], "problemTypes": [{"descriptions": [{"description": "Uncontrolled Search Path Element", "lang": "en-US", "cweId": "CWE-427", "type": "CWE"}]}], "references": [{"url": "https://www.fsastech.com/ja-jp/resources/security/2026/0121.html"}, {"url": "https://jvn.jp/en/jp/JVN65211823/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-01-21T07:19:03.236Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-21T14:28:05.334267Z", "id": "CVE-2026-24016", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-21T14:28:14.172Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-02-24T14:51:46.137Z"}, "references": [{"url": "https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-ISS-2026-012107-Security-Notice.pdf"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-ISS-2026-012107-Security-Notice.pdf"}], "x_generator": {"engine": "ADPogram 0.0.1"}, "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-02-24T14:51:46.137Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24016", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-21T14:28:05.334267Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-21T14:28:11.512Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Fsas Technologies Inc.", "product": "ServerView Agents for Windows", "versions": [{"status": "affected", "version": "V11.50.06 and earlier"}]}], "references": [{"url": "https://www.fsastech.com/ja-jp/resources/security/2026/0121.html"}, {"url": "https://jvn.jp/en/jp/JVN65211823/"}], "descriptions": [{"lang": "en", "value": "The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-427", "description": "Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-01-21T07:19:03.236Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24016", "state": "PUBLISHED", "dateUpdated": "2026-02-24T14:51:46.137Z", "dateReserved": "2026-01-20T05:13:56.618Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-01-21T07:19:03.236Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed."}, {"lang": "es", "value": "El instalador de ServerView Agents para Windows proporcionado por Fsas Technologies Inc. puede cargar de forma insegura librer\u00edas de Enlace Din\u00e1mico. Se puede ejecutar c\u00f3digo arbitrario con privilegios de administrador cuando se ejecuta el instalador."}], "id": "CVE-2026-24016", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-01-21T08:15:59.407", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN65211823/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.fsastech.com/ja-jp/resources/security/2026/0121.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-ISS-2026-012107-Security-Notice.pdf"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T15:33:37.583507+00:00", "value": {"mitigation_remediation": ["Apply any available vendor patch or update for ServerView Agents for Windows", "Verify the installer\u2019s digital signature and source before execution", "Run the installer only with the minimal required privileges and from a trusted network", "Consider disabling or restricting installation of the agent until a patch is applied"], "summary": {"action": "Patch", "impact": "Arbitrary code execution with administrator privileges"}, "threat_synthesis": {"affected_systems": "Vendor: Fsas Technologies Inc. Product: ServerView Agents for Windows. No specific version information was supplied by the CNA, so all released versions of this product might be affected.", "description_and_impact": "The ServerView Agents for Windows installer from Fsas Technologies Inc. fails to properly protect its dynamic library loading. During installation, the installer can resolve and load DLLs from insecure locations, allowing an attacker to supply a malicious library that executes with the full privileges of the installer process. This vulnerability can elevate the attacker\u2019s capabilities, letting them run arbitrary code under an administrator account on the target system, posing a severe risk to confidentiality, integrity and availability of the environment.", "risk_and_exploitability": "The CVSS score of 8.4 indicates a high severity issue. The EPSS score is < 1\u202f%, suggesting that, at the time of analysis, exploitation likelihood is low, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to execute the installer with administrative rights; the attack vector is local installation, though a malicious installer could be distributed via social engineering or compromised networks. Based on the description, it is inferred that the attacker must have local access to run the installer. Once the installer runs, the insecure DLL search path allows the attacker to run arbitrary code with elevated privileges."}}}}, "created": "2026-01-22T10:15:21.682221+00:00", "title": "ServerView Agents for Windows Installer Allows Arbitrary Code Execution via Unsecured DLL Loading", "updated": "2026-04-18T15:45:04.269482+00:00", "vendors": ["fsastech", "fsastech$PRODUCT$serverview_agents_for_windows"]}