CVE Catalog

CVE-2026-12602

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

In ArubaSign, versions prior to v4.6.6 have incorrect default permissions that grant excessive permissions to the 'Everyone' group for the main executable and other program files. This could allow an unprivileged user to replace the main executable with a malicious file.

Risk Assessment

If the malicious code is executed with elevated privileges, the attacker could gain full control of the system, leading to severe security and data integrity breaches.

Recommendation

It is recommended to update ArubaSign to version v4.6.6 or later and review and adjust permissions for program files to restrict access to trusted users.

Original NVD description (English source)

Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, whereby the main executable and other programme files located in C:\Program Files have excessive permissions for the ‘Everyone’ group. This could allow an unprivileged user to replace the main executable and/or its components with a malicious file, thereby enabling the execution of arbitrary code. In the worst-case scenario, if the malicious code is executed with elevated privileges (such as those of Administrator or SYSTEM), the attacker could escalate privileges and gain full control of the system, compromising both security and data integrity.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS