CVE-2026-27788
Incorrect Permission Assignment in ServerView Agents for Windows Leads to Privilege Escalation
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unify | serverview_agents | to 11.60.04 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves incorrect permission assignment for a critical resource in ServerView Agents for Windows version 11.60.04 and earlier.
If exploited, a local authenticated attacker who can log in to the server where the affected product is installed may gain SYSTEM privileges, which is the highest level of access on a Windows system.
How can this vulnerability impact me? :
The impact of this vulnerability is significant because it allows a local authenticated attacker to escalate their privileges to SYSTEM level.
With SYSTEM privileges, the attacker can fully control the affected system, potentially leading to unauthorized access to sensitive data, modification or deletion of critical files, installation of malicious software, and disruption of system operations.
What immediate steps should I take to mitigate this vulnerability?
The vendor recommends updating to the latest version of ServerView Agents for Windows to mitigate this vulnerability.
Until the update is applied, applying any available workarounds provided by the vendor is advised.