CVE-2026-57895
Received Received - Intake

Incorrect Default Permissions Lead to Arbitrary Code Execution in Pupsman

Vulnerability report for CVE-2026-57895, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: JPCERT/CC

Description

Incorrect default permissions issue exists in Pupsman versions prior to 3.9.0. An attacker can place a malicious executable in the installation folder, which results in arbitrary code execution with SYSTEM privilege

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-08
AI Q&A
2026-07-08
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
fuji_electric pupsman to 3.9.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-57895 is a vulnerability in Pupsman versions prior to 3.9.0 caused by incorrect default permissions. This flaw allows an attacker to place a malicious executable file in the software's installation folder.

By doing so, the attacker can execute arbitrary code with SYSTEM-level privileges, which means they gain the highest level of control over the affected system.

Impact Analysis

This vulnerability can have severe impacts because it allows an attacker to run any code they choose with SYSTEM privileges on your system.

  • Complete system compromise due to arbitrary code execution.
  • Potential unauthorized access to sensitive data or system resources.
  • Disruption of UPS management functions, which could affect power supply reliability and connected device safety.
  • Increased risk of malware installation or persistent backdoors.
Detection Guidance

This vulnerability involves incorrect default permissions in Pupsman versions prior to 3.9.0, allowing an attacker to place a malicious executable in the installation folder. Detection would involve verifying the version of Pupsman installed and inspecting the permissions of the installation directory.

  • Check the installed Pupsman version to confirm if it is prior to 3.9.0.
  • On Windows, use the command: "dir /Q <installation_folder>" to check ownership and permissions.
  • On Linux, use the command: "ls -l <installation_folder>" to review permissions and ownership.
  • Look for any unexpected or unauthorized executable files in the installation folder.
Mitigation Strategies

The primary mitigation step is to update Pupsman to version 3.9.0 or later, where this vulnerability has been fixed.

Until the update can be applied, restrict write permissions to the installation folder to prevent unauthorized placement of executables.

Regularly monitor the installation directory for any suspicious files or changes.

Compliance Impact

The vulnerability in Pupsman prior to version 3.9.0 allows an attacker to execute arbitrary code with SYSTEM privileges by placing a malicious executable in the installation folder due to incorrect default permissions.

Such a vulnerability can lead to unauthorized access and control over systems managing critical infrastructure like UPS devices, potentially compromising the confidentiality, integrity, and availability of data.

This risk may impact compliance with standards and regulations such as GDPR and HIPAA, which require organizations to protect sensitive data and maintain secure systems to prevent unauthorized access and data breaches.

Failure to address this vulnerability could result in non-compliance due to inadequate security controls, increasing the risk of data exposure or system compromise.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57895. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart