Description
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.
Published: 2026-02-02
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized modification of portal settings that may block product access
Action: Immediate Patch
AI Analysis

Impact

Improper input verification exists in Cybozu Garoon versions 5.0.0 through 6.0.3, allowing an attacker to alter portal settings without proper validation. This capability can lead to configuration changes that may block legitimate users from accessing the product, effectively causing a denial of service.

Affected Systems

Cybozu Garoon users operating on version 5.0.0 to 6.0.3 are affected. The vulnerability applies to all installations of the product within that version range.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, and the EPSS value of less than 1% suggests a low current probability of exploitation. The flaw is not listed in the CISA KEV catalog, meaning no confirmed exploits are documented at this time. The likely attack vector is the web interface or configuration API that accepts portal setting changes, as the lack of input validation permits unauthorized modifications. The risk is therefore moderate, but the chance of real-world exploitation is currently low.

Generated by OpenCVE AI on April 18, 2026 at 00:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Cybozu Garoon to the latest release that contains the fix, such as version 6.0.4 or later
  • Restrict modification rights to portal settings to authorized administrators only
  • Ensure that all input for portal settings is properly validated to reject malformed or unexpected data



Advisories

No advisories yet.

History

Sat, 18 Apr 2026 01:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Improper Input Verification Enabling Unauthorized Portal Settings Modification |

Thu, 19 Feb 2026 15:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| CPEs | | cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:* |
| Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'} |

Wed, 04 Feb 2026 12:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Cybozu, Cybozu garoon |
| Vendors & Products | | Cybozu, Cybozu garoon |

Mon, 02 Feb 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Mon, 02 Feb 2026 06:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product. |
| Weaknesses | | CWE-231 |
| References | | |
| Metrics | | cvssV3_0 {'score': 4.9, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'} |

MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-02-02T16:28:09.211Z

Reserved: 2026-01-27T00:34:57.984Z

Link: CVE-2026-22888

Vulnrichment

Updated: 2026-02-02T15:13:43.255Z

NVD

Status: Analyzed

Published: 2026-02-02T07:16:45.523

Modified: 2026-02-19T14:53:03.017

Link: CVE-2026-22888

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T00:45:32Z

Weaknesses