CVE-2026-39454
EUVD-2026-2379320.04.2026, 09:16
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be executed with the administrative privilege.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| skygroup | skymec_it_manager | 𝑥 ≤ 2024.005.10a |
| skygroup | skysea_client_view | 𝑥 ≤ 21.200.07j |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-276 - Incorrect Default PermissionsDuring installation, installed file permissions are set to allow anyone to modify those files.
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.