CVE-2026-27788
Deferred Deferred - Pending Action
Incorrect Permission Assignment in ServerView Agents for Windows Leads to Privilege Escalation

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: JPCERT/CC

Description
Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-21
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-27788
EUVD
EUVD-2026-33571
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
unify serverview_agents to 11.60.04 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves incorrect permission assignment for a critical resource in ServerView Agents for Windows version 11.60.04 and earlier.

If exploited, a local authenticated attacker who can log in to the server where the affected product is installed may gain SYSTEM privileges, which is the highest level of access on a Windows system.

Impact Analysis

The impact of this vulnerability is significant because it allows a local authenticated attacker to escalate their privileges to SYSTEM level.

With SYSTEM privileges, the attacker can fully control the affected system, potentially leading to unauthorized access to sensitive data, modification or deletion of critical files, installation of malicious software, and disruption of system operations.

Mitigation Strategies

The vendor recommends updating to the latest version of ServerView Agents for Windows to mitigate this vulnerability.

Until the update is applied, applying any available workarounds provided by the vendor is advised.

Compliance Impact

This vulnerability allows a local authenticated attacker to escalate privileges to SYSTEM level, potentially compromising the confidentiality, integrity, and availability of sensitive data on the affected server.

Such unauthorized privilege escalation and potential data compromise could lead to non-compliance with common standards and regulations like GDPR and HIPAA, which require strict controls to protect sensitive personal and health information.

Organizations using the affected ServerView Agents versions should address this vulnerability promptly to maintain compliance and protect sensitive data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27788. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart