CVE-2026-12602
Received Received - Intake
Incorrect Default Permissions in ArubaSign Allow Arbitrary Code Execution

Publication date: 2026-06-22

Last updated on: 2026-06-22

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description
Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, whereby the main executable and other programme files located in C:\Program Files have excessive permissions for the ‘Everyone’ group. This could allow an unprivileged user to replace the main executable and/or its components with a malicious file, thereby enabling the execution of arbitrary code. In the worst-case scenario, if the malicious code is executed with elevated privileges (such as those of Administrator or SYSTEM), the attacker could escalate privileges and gain full control of the system, compromising both security and data integrity.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-22
Last Modified
2026-06-22
Generated
2026-06-22
AI Q&A
2026-06-22
EPSS Evaluated
N/A
NVD
CVE-2026-12602
EUVD
EUVD-2026-38230
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
aruba arubasign to 4.6.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-12602 is a vulnerability in ArubaSign, a desktop application for digital signing, document verification, and timestamping. The issue arises from incorrect default permissions assigned during the software's installation. Specifically, the main executable and related files in the "C:\Program Files" directory have excessive permissions granted to the 'Everyone' group.

This misconfiguration allows an unprivileged user to replace the main executable or its components with malicious files. If such malicious code is executed, especially with elevated privileges like Administrator or SYSTEM, an attacker could execute arbitrary code and escalate their privileges, gaining full control over the affected system.

Impact Analysis

This vulnerability can have serious impacts on your system security and data integrity. An attacker with unprivileged access could replace critical executable files with malicious ones, leading to arbitrary code execution.

If the malicious code runs with elevated privileges, the attacker could escalate their access rights to Administrator or SYSTEM level, effectively gaining full control over your system. This could result in unauthorized access, data compromise, and potentially complete system takeover.

Detection Guidance

This vulnerability can be detected by checking the permissions of the ArubaSign main executable and related files located in the "C:\Program Files" directory. Specifically, you need to verify if the 'Everyone' group has excessive permissions on these files, which should not be the case.

On a Windows system, you can use the following commands to check the permissions:

  • Use PowerShell to check permissions: Get-Acl "C:\Program Files\ArubaSign\" | Format-List
  • Use icacls to view permissions: icacls "C:\Program Files\ArubaSign\"

Look for entries granting permissions to the 'Everyone' group. If such permissions exist on the main executable or related files, the system is vulnerable.

Mitigation Strategies

Immediate mitigation steps include removing or restricting the excessive permissions granted to the 'Everyone' group on the ArubaSign executable and related files in the "C:\Program Files" directory.

You can do this by modifying the file permissions to ensure only authorized users or system accounts have access. For example, use the icacls command to remove 'Everyone' permissions:

  • icacls "C:\Program Files\ArubaSign\" /remove:g Everyone

Additionally, monitor the system for any unauthorized changes to these files and restrict user privileges to prevent unprivileged users from modifying program files.

Note that as of now, no official patch or solution has been reported, so manual permission correction is the primary mitigation.

Compliance Impact

The vulnerability allows an unprivileged user to replace executable files with malicious ones, potentially leading to arbitrary code execution and full system compromise with elevated privileges. This compromises both security and data integrity.

Such a compromise of security and data integrity could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12602. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart