CVE-2026-28267
medium
CVSS v3
5.5
CVSS v4 NEW
6.8
VIR risk
5.5
Description
Multiple i-ใใฃใซใฟใผ products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user.
Predictions
Exploit likelihood
55%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
References
- https://biz3.optim.co.jp/
- https://jvn.jp/en/jp/JVN17307628/
- https://sd.fjsd001.dfcenter.jp.fujitsu.com/portal/ja/kb/articles/windows%E3%81%AE%E3%83%AA%E3%83%AA%E3%83%BC%E3%82%B9%E3%83%8E%E3%83%BC%E3%83%88
- https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl&filename=information_20260309_01.pdf
- https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl&filename=information_20260309_02.pdf
- https://www.mobi-connect.net/file/ifilter/
CWEs
CWE-276
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.