{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27653", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-02-25T04:39:12.761Z", "datePublished": "2026-02-27T05:39:54.060Z", "dateUpdated": "2026-02-27T18:52:30.918Z"}, "containers": {"cna": {"affected": [{"vendor": "Soliton Systems K.K.", "product": "Soliton SecureBrowser for OneGate", "versions": [{"version": "V1.0.0", "status": "affected"}]}, {"vendor": "Soliton Systems K.K.", "product": "Soliton SecureBrowser II", "versions": [{"version": "V2.0.0 to V2.0.14", "status": "affected"}]}, {"vendor": "Soliton Systems K.K.", "product": "Soliton SecureWorkspace (formerly WrappingBox)", "versions": [{"version": "V1.0.0 to V1.4.7", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges."}], "problemTypes": [{"descriptions": [{"description": "Incorrect default permissions", "lang": "en-US", "cweId": "CWE-276", "type": "CWE"}]}], "references": [{"url": "https://www.soliton.co.jp/support/2026/006679.html"}, {"url": "https://jvn.jp/en/jp/JVN41357120/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "MEDIUM", "baseScore": 6.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-02-27T05:39:54.060Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T18:52:19.042391Z", "id": "CVE-2026-27653", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T18:52:30.918Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27653", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-27T18:52:19.042391Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T18:52:25.765Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Soliton Systems K.K.", "product": "Soliton SecureBrowser for OneGate", "versions": [{"status": "affected", "version": "V1.0.0"}]}, {"vendor": "Soliton Systems K.K.", "product": "Soliton SecureBrowser II", "versions": [{"status": "affected", "version": "V2.0.0 to V2.0.14"}]}, {"vendor": "Soliton Systems K.K.", "product": "Soliton SecureWorkspace (formerly WrappingBox)", "versions": [{"status": "affected", "version": "V1.0.0 to V1.4.7"}]}], "references": [{"url": "https://www.soliton.co.jp/support/2026/006679.html"}, {"url": "https://jvn.jp/en/jp/JVN41357120/"}], "descriptions": [{"lang": "en", "value": "The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-276", "description": "Incorrect default permissions"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-02-27T05:39:54.060Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27653", "state": "PUBLISHED", "dateUpdated": "2026-02-27T18:52:30.918Z", "dateReserved": "2026-02-25T04:39:12.761Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-02-27T05:39:54.060Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:soliton:securebrowser_for_onegate:1.0.0:*:*:*:*:windows:*:*", "matchCriteriaId": "8479857E-911F-493B-B6BE-E11C385548F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:soliton:securebrowser_ii:*:*:*:*:*:windows:*:*", "matchCriteriaId": "F265960F-EDD1-41AD-905D-45085D29513D", "versionEndExcluding": "2.0.15", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:soliton:secureworkspace:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BBE1A75-C87A-4B74-B68D-1E3B793C00A8", "versionEndExcluding": "1.4.8", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges."}, {"lang": "es", "value": "Los instaladores para m\u00faltiples productos proporcionados por Soliton Systems K.K. contienen un problema con permisos predeterminados incorrectos, lo que puede permitir que se ejecute c\u00f3digo arbitrario con privilegios de SYSTEM."}], "id": "CVE-2026-27653", "lastModified": "2026-03-17T15:48:27.283", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-02-27T06:17:59.753", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN41357120/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.soliton.co.jp/support/2026/006679.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "V1.0.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Soliton SecureBrowser for OneGate", "source": "cna", "vendor": "Soliton Systems K.K."}, "product": "soliton_securebrowser_for_onegate", "vendor": "soliton_systems_k.k."}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[V2.0.0,V2.0.14]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Soliton SecureBrowser II", "source": "cna", "vendor": "Soliton Systems K.K."}, "product": "soliton_securebrowser_ii", "vendor": "soliton_systems_k.k."}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[V1.0.0,V1.4.7]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Soliton SecureWorkspace (formerly WrappingBox)", "source": "cna", "vendor": "Soliton Systems K.K."}, "product": "soliton_secureworkspace_(formerly_wrappingbox)", "vendor": "soliton_systems_k.k."}], "analysis": {"en": {"generated_at": "2026-04-17T14:02:09.828047+00:00", "value": {"mitigation_remediation": ["Download and install the latest Soliton SecureBrowser II installer from the vendor\u2019s support site", "Uninstall any existing installation of SecureBrowser II, SecureBrowser for OneGate, or SecureWorkspace and then reinstall using the updated installer to ensure correct permissions", "Audit the file permissions and access levels after installation to confirm that they have been set as intended"], "summary": {"action": "Immediate Patch", "impact": "Arbitrary code execution with SYSTEM privileges"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Soliton Systems K.K. products: SecureBrowser II, SecureBrowser for OneGate, and SecureWorkspace (formerly WrappingBox). All products available on Windows platforms are susceptible; specific versions are not enumerated in the advisory, so any installation build should be considered vulnerable until a patch is applied.", "description_and_impact": "Installers for Soliton SecureBrowser II, SecureBrowser for OneGate, and SecureWorkspace contain incorrect default permissions that can be leveraged by an attacker to execute arbitrary code with SYSTEM privileges. The weakness corresponds to CWE\u2011276 (Incorrect Permission Assignment) and CWE\u2011863 (Insufficient or Incorrect Permission Enforcement). As a result, a malicious actor could gain full control of the affected Windows machine if they can run a malicious component during or after installation.", "risk_and_exploitability": "The CVSS score of 5.4 indicates moderate severity, and the EPSS score of less than 1% suggests that exploitation is unlikely but not impossible. The vulnerability is not listed in the CISA KEV catalog, so it is not known to have been actively exploited in the wild. The attack vector is inferred to be the installation process; an attacker who can influence the installer\u2014directly or via a compromised installation medium\u2014could trigger the misconfigured permissions and achieve privilege escalation."}}}}, "created": "2026-02-27T16:06:10.453607+00:00", "updated": "2026-04-17T14:15:21.783522+00:00", "vendors": ["soliton_systems_k.k.", "soliton_systems_k.k.$PRODUCT$soliton_securebrowser_for_onegate", "soliton_systems_k.k.$PRODUCT$soliton_securebrowser_ii", "soliton_systems_k.k.$PRODUCT$soliton_secureworkspace_(formerly_wrappingbox)"]}