CVE-2026-20893
Origin Validation Flaw in Fujitsu AuthConductor Enables SYSTEM Code Execution
Publication date: 2026-01-07
Last updated on: 2026-01-07
Assigner: JPCERT/CC
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fujitsu | authconductor_client_basic_v2 | to 2.0.25.0 (exc) |
| fujitsu | authconductor_client_basic_v2 | to 2.0.24.1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an origin validation error in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. It allows an attacker who has logged into the Windows system where the affected product is installed to execute arbitrary code with SYSTEM privileges and/or modify registry values.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker with access to the Windows system to execute arbitrary code with the highest system privileges (SYSTEM) and modify critical registry values, potentially leading to full system compromise, unauthorized changes, and disruption of system operations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect the vulnerability by checking whether the affected software, Fujitsu Security Solution AuthConductor Client Basic V2, is installed and which version it is. On Windows systems, verify whether "AuthConductor Client" appears in the Start menu application list. To check the version, click the "AuthConductor Client" icon in the taskbar notification area and select "About" or "Version Information". There are no specific network detection commands provided. For system detection, use the Windows GUI as described. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the AuthConductor Client Basic V2 software to the latest fixed version provided by Fujitsu Client Computing Limited. Specifically, update to version 2.0.25.1 or later if you do not use the face authentication option or use the "Face Authentication Option V2 Media Pack" (L07 or later). If you use the "Face Authentication Option V2 Media Pack" (before L07), update to version 2.0.24.3. Download the appropriate driver from Fujitsu's driver download page, extract it, and follow the included Readme instructions to apply the update. After updating, verify the version to confirm the update was successful. [1, 2]
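The install and version check described above can also be scripted for inventory across many hosts. The following PowerShell is an added example, not taken from the Fujitsu advisory or from this page's sources. It assumes the product registers a standard Windows Uninstall entry whose DisplayName contains "AuthConductor" and whose DisplayVersion matches the version shown in the About dialog; confirm both on a known installation before relying on the output.

```powershell
# Added example: local inventory check for CVE-2026-20893.
# Assumption: the product writes an Uninstall entry with "AuthConductor" in DisplayName.
$namePattern = '*AuthConductor*'
$fixedMain   = [version]'2.0.25.1'  # fixed: no face authentication, or Media Pack L07 or later
$fixedFace   = [version]'2.0.24.3'  # fixed: Face Authentication Option V2 Media Pack before L07

# Standard per-machine Uninstall locations (64-bit and 32-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-AuthConductorStatus {
    param([string]$DisplayVersion)

    $v = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$v)) {
        return 'Unknown: version not parseable, check the About dialog'
    }
    if ($v -ge $fixedMain) { return 'Fixed (2.0.25.1 or later)' }
    if ($v -eq $fixedFace) { return 'Fixed only for the Media Pack before L07 track (2.0.24.3)' }
    return 'Not a fixed version named in the advisory: update'
}

$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $namePattern }

if (-not $found) {
    Write-Output 'No AuthConductor entry found in the Uninstall registry keys.'
} else {
    $found | ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Status   = Get-AuthConductorStatus -DisplayVersion $_.DisplayVersion
        }
    }
}
```

A host reporting 2.0.24.3 still needs a manual check of which face authentication media pack is in use, because that version is the fixed release only for the pre-L07 track.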