CVE-2026-39454

HIGH

SKYSEA Client View <=21.200.07j - Privilege Escalation

Title source: llm

Description

SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be executed with the administrative privilege.

References (2)

Core 2

Core References

https://www.skyseaclientview.net/news/260420_01/

https://jvn.jp/en/jp/JVN63376363/

Scores

CVSS v3 7.8

EPSS 0.0011

EPSS Percentile 1.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-276 CWE-863

Status published

Products (4)

Sky Co.,LTD./SKYMEC IT Manager Ver.2024.005.10a and earlier

Sky Co.,LTD./SKYSEA Client View Ver.21.200.07j and earlier

skygroup/skymec_it_manager < 2024.005.10a

skygroup/skysea_client_view < 21.200.07j

Published Apr 20, 2026

Tracked Since Apr 20, 2026