CVE-2026-39454
published 2026-04-20CVE-2026-39454: SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A…
PriorityP345high8.5CVSS 4.0
AVLACLATNPRLUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.11%
1.6th percentile
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be executed with the administrative privilege.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sky_co_ltd | skymec_it_manager | — | — |
| sky_co_ltd | skysea_client_view | — | — |
| skygroup | skymec_it_manager | <= 2024.005.10a | — |
| skygroup | skysea_client_view | <= 21.200.07j | — |
CVSS provenance
nvdv4.08.5HIGHCVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3224-28wc-whrh: SKYSEA Client View and SKYMEC IT Manager provided by Sky Co
ghsa_unreviewed·2026-04-20
CVE-2026-39454 [HIGH] CWE-276 GHSA-3224-28wc-whrh: SKYSEA Client View and SKYMEC IT Manager provided by Sky Co
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be executed with the administrative privilege.
VulDB
Sky SKYSEA Client View/SKYMEC IT Manager Setting default permission (EUVD-2026-23793)
vuldb·2026-04-20·CVSS 8.5
CVE-2026-39454 [HIGH] Sky SKYSEA Client View/SKYMEC IT Manager Setting default permission (EUVD-2026-23793)
A vulnerability was found in Sky SKYSEA Client View and SKYMEC IT Manager. It has been rated as critical. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to incorrect default permissions.
This vulnerability is referenced as CVE-2026-39454. The attack can only be performed from a local environment. No exploit is available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-20
Published