CVE-2026-28267
Improper File Permission Allows Unauthorized File Overwrite in i
Publication date: 2026-03-10
Last updated on: 2026-03-10
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| digital_arts_inc | i-フィルター | to 10.02.00 (exc) |
| digital_arts_inc | i-フィルター | to 6.00.57 (exc) |
| digital_arts_inc | i-フィルター | to 6.10.57 (exc) |
| digital_arts_inc | i-フィルター | to 2.00.30 (exc) |
| digital_arts_inc | i-filter_ブラウザー&クラウド_multiagent | to 4.93R13 (exc) |
| digital_arts_inc | digitalarts@cloud_agent | to 1.70R01 (exc) |
| optim_corporation | related_product | to 4.93R13 (exc) |
| inventit_inc | related_product | to 4.93R13 (exc) |
| fujitsu_limited | related_product | to 4.93R13 (exc) |
| digital_arts | i-フィルター | to 6.00.57 (exc) |
| digital_arts | i-フィルター | to 10.02.00 (exc) |
| digital_arts | i-フィルター | to 6.10.57 (exc) |
| digital_arts | i-フィルター | to 2.00.30 (exc) |
| digital_arts | i-filter_ブラウザー&クラウド_multiagent | to 4.93R13 (exc) |
| digital_arts | digitalarts@cloud_agent | to 1.70R01 (exc) |
| optim | optim | to 4.93R13 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-28267 is a vulnerability in multiple Digital Arts security products, including various versions of i-フィルター and related products. It arises from improper file access permission settings that allow non-administrative users to create or overwrite specific files named "serial.txt" and "serial.vbx" in system or backup directories where write permissions are normally denied.'}, {'type': 'paragraph', 'content': 'This vulnerability does not allow unlimited file creation or direct denial-of-service attacks, nor does it lead to information leakage or unauthorized data access. However, it compromises system integrity by permitting unauthorized file modifications in sensitive directories.'}, {'type': 'paragraph', 'content': 'The issue affects multiple product versions prior to specific fixed releases, and mitigation involves updating to the latest versions where the vulnerability has been addressed.'}] [1, 2, 6]
How can this vulnerability impact me? :
This vulnerability allows a user with low privileges to create or overwrite files in system or backup directories without administrative rights.
The impact is primarily on system integrity, as unauthorized file modifications could potentially alter system behavior or configurations.
There is no direct impact on confidentiality or availability, and no evidence of information leakage or denial-of-service attacks has been observed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability involves improper file access permission settings allowing non-administrative users to create or overwrite two fixed-named files, "serial.txt" and "serial.vbx," in system or backup directories where write permissions are normally denied.'}, {'type': 'paragraph', 'content': 'To detect this vulnerability on your system, you can check for the presence of these files in sensitive directories and verify the file permissions that allow low-privilege users to write in these locations.'}, {'type': 'paragraph', 'content': 'Suggested commands to detect the vulnerability on a Windows system include:'}, {'type': 'list_item', 'content': 'Use PowerShell or Command Prompt to check if "serial.txt" or "serial.vbx" exist in system or backup directories.'}, {'type': 'list_item', 'content': 'Check directory permissions with commands like `icacls <directory_path>` to see if non-administrative users have write permissions.'}, {'type': 'list_item', 'content': 'Search for the files using `dir /s /b serial.txt` or `dir /s /b serial.vbx` starting from system or backup directories.'}, {'type': 'paragraph', 'content': 'Note that no direct network detection commands or signatures are provided in the available resources.'}] [1, 2, 6]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the affected Digital Arts products to the latest versions that address this vulnerability.
- Update i-フィルター 6.0 to version 6.00.57 or later.
- Update i-フィルター for マルチデバイス (Windows only) to version 6.00.57 or later.
- Update i-フィルター for ZAQ (Windows only) to version 6.00.57 or later.
- Update i-フィルター 10 (Windows only) to version 10.02.00 or later.
- Update i-フィルター for プロバイダー to version 2.00.30 or later.
- Update i-フィルター for ネットカフェ to version 6.10.57 or later.
- Update i-FILTER Browser & Cloud MultiAgent for Windows to version 4.93R13 or later.
- Update DigitalArts@Cloud Agent (Windows) to version 1.70R01 or later.
If the automatic update feature is enabled (default setting), updates will be applied automatically. Otherwise, manual updates should be performed following official instructions.
For further assistance, contact Digital Arts support via email or phone during business hours.