Description
Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.
Published: 2026-06-01
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The ServerView Agents for Windows contain an incorrect permission assignment for a critical resource that allows a local authenticated attacker to elevate privileges to SYSTEM. This constitutes an access‑control flaw (CWE‑732) that can give an attacker full control of the target server, enabling tampering, data exfiltration, and persistence operations.

Affected Systems

The vulnerability affects Fsas Technologies Inc.’s ServerView Agents for Windows version V11.60.04 and all earlier releases.

Risk and Exploitability

The CVSS score of 8.5 indicates a high severity vulnerability, and although an EPSS score is not available, the attack requires only local authentication and can be performed on any server where the agent is installed. As the vulnerability is not listed in the CISA KEV catalog, zero‑day risk is currently unknown, yet the impact of achieving SYSTEM level remains critical.

Generated by OpenCVE AI on June 1, 2026 at 11:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest official patch for ServerView Agents for Windows, as detailed in the FSAS advisory at https://www.fsastech.com/ja-jp/resources/security/2026/0529.html
  • If an immediate patch is unavailable, restrict the account and service permissions used by the agent to the minimum required, removing unnecessary SYSTEM or administrative rights
  • Perform a system audit to verify that no privileged processes are running under the agent’s service account and that the service is not configured to run with SYSTEM privileges

Generated by OpenCVE AI on June 1, 2026 at 11:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Fsastech
Fsastech serverview Agents For Windows
Vendors & Products Fsastech
Fsastech serverview Agents For Windows

Mon, 01 Jun 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
Title Local Authenticated Privilege Escalation via Improper Permission Assignment in ServerView Agents

Mon, 01 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.
Weaknesses CWE-732
References
Metrics cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Fsastech Serverview Agents For Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-06-01T13:11:53.759Z

Reserved: 2026-05-14T05:26:40.582Z

Link: CVE-2026-27788

cve-icon Vulnrichment

Updated: 2026-06-01T13:11:48.507Z

cve-icon NVD

Status : Deferred

Published: 2026-06-01T09:16:16.590

Modified: 2026-06-01T18:09:03.137

Link: CVE-2026-27788

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T20:30:16Z

Weaknesses
  • CWE-732

    Incorrect Permission Assignment for Critical Resource