{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27776", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-02-24T06:54:41.553Z", "datePublished": "2026-02-27T07:50:42.103Z", "dateUpdated": "2026-03-06T18:48:00.138Z"}, "containers": {"cna": {"affected": [{"vendor": "NTT DATA INTRAMART Corporation", "product": "intra-mart Accel Platform", "versions": [{"version": "2017 Spring (8.0.4) through 2025 Autumn (8.0.27)", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege."}], "problemTypes": [{"descriptions": [{"description": "Deserialization of untrusted data", "lang": "en-US", "cweId": "CWE-502", "type": "CWE"}]}], "references": [{"url": "https://global.intra-mart.support/hc/en-us/articles/55266898383641"}, {"url": "https://jvn.jp/en/jp/JVN80500630/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.6, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-02-27T07:50:42.103Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T16:49:23.065852Z", "id": "CVE-2026-27776", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T18:48:00.138Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27776", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-27T16:49:23.065852Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T18:47:55.638Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "NTT DATA INTRAMART Corporation", "product": "intra-mart Accel Platform", "versions": [{"status": "affected", "version": "2017 Spring (8.0.4) through 2025 Autumn (8.0.27)"}]}], "references": [{"url": "https://global.intra-mart.support/hc/en-us/articles/55266898383641"}, {"url": "https://jvn.jp/en/jp/JVN80500630/"}], "descriptions": [{"lang": "en", "value": "IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-502", "description": "Deserialization of untrusted data"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-02-27T07:50:42.103Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27776", "state": "PUBLISHED", "dateUpdated": "2026-03-06T18:48:00.138Z", "dateReserved": "2026-02-24T06:54:41.553Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-02-27T07:50:42.103Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.4:-:*:*:*:*:*:*", "matchCriteriaId": "89F16356-1DDC-4B0E-A3BD-D6E28FFD05A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.5:-:*:*:*:*:*:*", "matchCriteriaId": "411AC706-E6E8-43CB-B306-2843FF30EF0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.6:-:*:*:*:*:*:*", "matchCriteriaId": "E28D8EF5-B2AE-4059-9938-E50D8561C4D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.7:-:*:*:*:*:*:*", "matchCriteriaId": "EC5C891F-D7DD-4114-A41E-F5BE6C090862", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.8:-:*:*:*:*:*:*", "matchCriteriaId": "3C042BF5-B682-49B1-B55A-747FD8E404F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.9:-:*:*:*:*:*:*", "matchCriteriaId": "0144B6BE-5B86-40E8-B271-6400C8DA10AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.10:-:*:*:*:*:*:*", "matchCriteriaId": "E7139EEC-BA08-4A35-8757-88DA39DD3FB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.11:-:*:*:*:*:*:*", "matchCriteriaId": "DD886B62-7059-436D-B694-3BB5BA52F9A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.12:-:*:*:*:*:*:*", "matchCriteriaId": "D7E58764-9A88-4922-BD2F-23BB958C10C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.13:-:*:*:*:*:*:*", "matchCriteriaId": "015F17DC-934C-4BB2-BD46-19DEED7EE505", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.14:-:*:*:*:*:*:*", "matchCriteriaId": "08F5637C-5BAD-45B4-8A9E-B785DB0E6876", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.15:-:*:*:*:*:*:*", "matchCriteriaId": "A4B2E864-E7A1-440C-999A-4D0960AA7314", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.16:-:*:*:*:*:*:*", "matchCriteriaId": "DC4462C2-897E-4AFA-97AB-21C7985896E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.17:-:*:*:*:*:*:*", "matchCriteriaId": "59B3CAB0-13AF-4CF4-A953-3FEFECF74DF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.19:-:*:*:*:*:*:*", "matchCriteriaId": "B6AD9220-23CA-410E-804D-BED13FDA10BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.20:-:*:*:*:*:*:*", "matchCriteriaId": "9347A2F6-6649-48A7-A96C-B8F92C60198A", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.21:-:*:*:*:*:*:*", "matchCriteriaId": "1BED774C-CF35-43C5-BECB-E87F0EF12500", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.22:-:*:*:*:*:*:*", "matchCriteriaId": "2BA7CEA2-94C8-409D-AE35-D57EBF3968D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.23:-:*:*:*:*:*:*", "matchCriteriaId": "D3730474-4CD9-44D5-B500-D63D45702193", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.24:-:*:*:*:*:*:*", "matchCriteriaId": "2632CAB9-A0F0-4CB3-A0D5-42D2A8F6FEE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.25:-:*:*:*:*:*:*", "matchCriteriaId": "4266B4E3-7796-448A-9F98-75480C23EB93", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.26:-:*:*:*:*:*:*", "matchCriteriaId": "6B0F52F4-F4FC-47F7-9252-9A2D16ACD0BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.27:-:*:*:*:*:*:*", "matchCriteriaId": "9F4FAEDE-4933-45A1-8F55-E6CC71969AF4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege."}, {"lang": "es", "value": "El m\u00f3dulo IM-LogicDesigner de intra-mart Accel Platform contiene un problema de deserializaci\u00f3n insegura. Esto puede ser explotado solo cuando IM-LogicDesigner est\u00e1 desplegado en el sistema. Se puede ejecutar c\u00f3digo arbitrario cuando se importa alg\u00fan archivo manipulado por un usuario con privilegios de administrador."}], "id": "CVE-2026-27776", "lastModified": "2026-03-23T14:21:07.567", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-02-27T08:17:09.850", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://global.intra-mart.support/hc/en-us/articles/55266898383641"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN80500630/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[8.0.4,8.0.27]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "inferred", "scores": [{"score": 100.0, "source": "inferred"}]}, "product": "intra-mart_accel_platform", "vendor": "ntt_data_intramart"}], "analysis": {"en": {"generated_at": "2026-04-16T15:30:19.983832+00:00", "value": {"mitigation_remediation": ["Upgrade to a version of intra\u2011mart Accel Platform that contains a fix for insecure deserialization and removes the vulnerable IM\u2011LogicDesigner behavior.", "Enforce strict access control on the IM\u2011LogicDesigner module, limiting file import capability to a narrow set of trusted administrators and disabling the feature when not needed.", "Monitor application logs and system activity for indicators of deserialization attempts or unexpected runtime behavior, and respond promptly to any anomalous activity."], "summary": {"action": "Immediate patch", "impact": "Remote code execution"}, "threat_synthesis": {"affected_systems": "NTT DATA INTRAMART Corporation\u2019s intra\u2011mart Accel Platform versions 8.0.4 through 8.0.27 are affected. The issue exists in every iteration of the Accel Platform within that range where the IM\u2011LogicDesigner component is present.", "description_and_impact": "The IM-LogicDesigner module in intra\u2011mart Accel Platform implements insecure deserialization. When a user with administrative privileges imports a crafted file into the module, an attacker can execute arbitrary code on the underlying system. The vulnerability directly compromises confidentiality, integrity, and availability by allowing full control over the compromised host.", "risk_and_exploitability": "The CVSS score of 8.6 classifies this vulnerability as high. Although the EPSS score is reported as less than 1%, indicating a low exploitation probability, the lack of a KEV listing suggests no widespread public exploits have been observed. The attack vector is inferred to be local, requiring an attacker to have administrative access to the system in order to import a malicious file. Once the crafted file is loaded by an admin user, arbitrary code execution is possible, making the risk significant for environments where administrative privileges are not tightly controlled."}}}}, "created": "2026-02-27T16:06:04.318750+00:00", "title": "Insecure Deserialization in intra\u2011mart Accel Platform IM\u2011LogicDesigner Allowing Arbitrary Code Execution", "updated": "2026-04-16T15:45:16.054867+00:00", "vendors": ["ntt_data_intramart", "ntt_data_intramart$PRODUCT$intra-mart_accel_platform"]}