CVE-2026-39454_CVE-2026-39454

7.8 / 10

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be executed with the administrative privilege.

Basic Information

ID CVE-2026-39454

Source jpcert

Published Apr 20, 2026 at 08:04

Affected Product

Vendor Sky Co.,LTD.

Product SKYSEA Client View

Version Ver.21.200.07j and earlier

Affected Versions Sky Co.,LTD. SKYSEA Client View Ver.21.200.07j and earlier
Sky Co.,LTD. SKYMEC IT Manager Ver.2024.005.10a and earlier

CWE Classification

CWE-276

References

{
    "lastseen": "",
    "description": "SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be executed with the administrative privilege.",
    "published": "2026-04-20T08:04:56.595Z",
    "modified": "2026-04-20T08:04:56.595Z",
    "type": "cve",
    "title": "CVE-2026-39454",
    "source": "jpcert",
    "references": "https://www.skyseaclientview.net/news/260420_01/\nhttps://jvn.jp/en/jp/JVN63376363/",
    "id": "CVE-2026-39454",
    "bulletinFamily": "",
    "cwe": [
        "CWE-276"
    ],
    "cvelist": null,
    "sourceData": "Sky Co.,LTD. SKYSEA Client View Ver.21.200.07j and earlier\nSky Co.,LTD. SKYMEC IT Manager Ver.2024.005.10a and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SKYSEA Client View",
    "version": "Ver.21.200.07j and earlier",
    "vendor": "Sky Co.,LTD.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}