{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-12602/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-22T15:52:23.747Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-12602","@id":"https://www.cve.org/CVERecord?id=CVE-2026-12602","description":"Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, whereby the main executable and other programme files located in C:\\Program Files have excessive permissions for the ‘Everyone’ group. This could allow an unprivileged user to replace the main executable and/or its components with a malicious file, thereby enabling the execution of arbitrary code. In"},"products":[{"@id":"cpe:2.3:a:aruba:arubasign:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:aruba:arubasign:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 4.6.6.","timestamp":"2026-06-22T15:52:23.747Z"}]}