Description
Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to the Windows system where the affected product is installed may execute arbitrary code with SYSTEM privilege and/or modify the registry value.
Published: 2026-01-07
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Execute arbitrary code with SYSTEM privilege
Action: Immediate Patch
AI Analysis

Impact

An origin validation error in Fujitsu Security Solution AuthConductor Client Basic V2 allows an attacker who can log in to the Windows system to execute arbitrary code with SYSTEM privilege and modify registry values. The flaw is a trust boundary violation (CWE‑346), providing broad impact on confidentiality, integrity, and availability of the affected machine.

Affected Systems

The vulnerability affects Fujitsu Client Computing Limited’s AuthConductor Client Basic V2 product; versions 2.0.25.0 and earlier are impacted. Upgrading to a newer release should remediate the issue.

Risk and Exploitability

The CVSS score of 8.5 indicates high severity, but the EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, suggesting a low likelihood of widespread exploitation. The likely attack vector requires local access; an adversary who can log in to the Windows system where the product runs can trigger the flaw, then achieve SYSTEM privileges or alter critical registry settings.

Generated by OpenCVE AI on April 18, 2026 at 08:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a version newer than 2.0.25.0 where the origin validation flaw is fixed.
  • Restrict local user accounts that can log in to the system hosting AuthConductor Client Basic, limiting the attack surface for local privilege escalation.
  • Configure the AuthConductor Client Basic service to run with the least privileges required, avoiding SYSTEM level access when possible.

Generated by OpenCVE AI on April 18, 2026 at 08:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
Title Origin Validation Error Allows SYSTEM Privilege Execution in Fujitsu AuthConductor Client Basic V2

Wed, 07 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 07 Jan 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Fujitsu
Fujitsu security Solution Authconductor Client Basic V2
Microsoft
Microsoft windows
Vendors & Products Fujitsu
Fujitsu security Solution Authconductor Client Basic V2
Microsoft
Microsoft windows

Wed, 07 Jan 2026 04:00:00 +0000

Type Values Removed Values Added
Description Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to the Windows system where the affected product is installed may execute arbitrary code with SYSTEM privilege and/or modify the registry value.
Weaknesses CWE-346
References
Metrics cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Fujitsu Security Solution Authconductor Client Basic V2
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-01-07T14:38:27.948Z

Reserved: 2025-12-22T02:14:24.139Z

Link: CVE-2026-20893

cve-icon Vulnrichment

Updated: 2026-01-07T14:38:21.939Z

cve-icon NVD

Status : Deferred

Published: 2026-01-07T12:17:08.023

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-20893

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T08:15:15Z

Weaknesses