CVE-2026-23648
Local Privilege Escalation via Writable Binaries in Glory RBG
Publication date: 2026-02-17
Last updated on: 2026-02-17
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| glory | rbg-100_recycler_system | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-23648 affects the Glory RBG-100 Recycler System, specifically the ISPK-08 software component. The vulnerability is due to multiple system binaries having overly permissive file permissions. Several binaries that run with root privileges are writable and executable by unprivileged local users.
This improper permission setting allows a local attacker who has access to the system to replace or modify these binaries. By doing so, the attacker can execute arbitrary commands with root privileges, leading to local privilege escalation.
How can this vulnerability impact me? :
This vulnerability can have a significant impact because it allows an attacker with local access to escalate their privileges to root level. This means the attacker can execute any command on the system with the highest level of permissions.
- Unauthorized modification or replacement of critical system binaries.
- Execution of arbitrary commands with root privileges.
- Potential full system compromise due to elevated privileges.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking the file permissions of system binaries executed by the root user on the Glory RBG-100 recycler system. Specifically, you should look for binaries that are writable and executable by unprivileged local users, which indicates overly permissive file permissions.'}, {'type': 'paragraph', 'content': "Commands to detect such insecure permissions include using 'ls -l' to list permissions of relevant binaries and 'find' to locate files with writable permissions for non-root users. For example:"}, {'type': 'list_item', 'content': 'ls -l /path/to/binaries'}, {'type': 'list_item', 'content': 'find /path/to/binaries -perm /022 -type f -exec ls -l {} \\;'}, {'type': 'paragraph', 'content': 'These commands help identify binaries that are writable by group or others, which should not be the case for root-executed binaries.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps involve correcting the file permissions of the affected system binaries to remove write and execute permissions from unprivileged users. This prevents local attackers from modifying or replacing these binaries.
Specifically, you should:
- Identify all affected binaries with overly permissive permissions.
- Use chmod to set appropriate permissions, for example: chmod 755 or more restrictive, ensuring only root can write to these binaries.
- Restrict local user access to these binaries where possible.
Additionally, monitor for any unauthorized changes to these binaries and apply vendor patches or updates once available.