Severity: HIGH | CVE-2026-27788 | CNA: jpcert

CVE-2026-27788: Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11

Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.

Metrics

CVSS v4.0: 8.5
Severity: HIGH
Fixed in: (none listed)
Affected Products: 1

HarborGuard Analysis

Synopsis

An incorrect permission assignment vulnerability exists in Fsas Technologies ServerView Agents for Windows V11.60.04 and earlier. The flaw is reachable locally and requires a low-privilege authenticated account on the host, meaning an attacker must already have a shell or login session on the affected server. Successful exploitation grants the attacker SYSTEM-level privileges, enabling full control over the operating system including reading and writing any file or process on the host. HarborGuard is tracking this advisory and will make a patched-image rebuild available as soon as an upstream fix is published.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds, including the JPCERT advisory, within minutes of publication and matched against customer images in connected registries and CI/CD pipelines. This coverage extends to custom-built Windows container images that bundle ServerView Agents components.

Status: Available

Triage

HarborGuard surfaces this CVE with its CVSS v4.0 score of 8.5 (HIGH), weighted against each customer environment's compliance policy to determine urgency and routing. Findings are automatically directed to the appropriate team inbox within each customer organization based on configured ownership rules.

Status: Available

Patch

No fix version has been published by the vendor for this CVE. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be initiated without manual intervention once a fix version exists.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or login session on the host; no network-facing exposure is required to trigger the vulnerability.

  • Authentication: Required

    Any low-privilege account with the ability to log in to the server where ServerView Agents is installed is sufficient to attempt exploitation.

  • Victim interaction: Not required

    The attacker does not need another user to take any action; exploitation proceeds without victim participation.

  • Attack complexity: Detail

    The exploit is reliable and condition-free; no race conditions, special memory layout, or environmental timing are required.

Blast Radius

  • A successful attacker elevates to SYSTEM privilege and gains unrestricted read access to all files on the host, including credentials, certificates, and secrets stored on disk.
  • The attacker can write or overwrite any file on the system, modify service binaries, and alter configuration that persists across reboots.
  • All running processes on the host are reachable for inspection or termination, and new processes can be spawned under SYSTEM context.
  • The full integrity and confidentiality of the host operating system is compromised; any data processed or stored on the server is accessible to the attacker.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix has been published for this CVE, the focus is on detection, monitoring, and compensating controls. HarborGuard continuously re-checks the JPCERT advisory and vendor channels on every ingest cycle so a patched rebuild becomes available the moment Fsas Technologies ships a fix version. In the meantime, customers are advised to apply network-policy isolation to restrict lateral movement from hosts running ServerView Agents, enforce least-privilege login controls to limit which accounts can reach those hosts, and review host-level audit logging for unexpected privilege-use events on affected servers. For customers with auto-remediation enabled, the rebuild, regression test run, and PR workflow will trigger automatically against affected workloads once an upstream fix version is confirmed.

Affected packages
  • Fsas Technologies Inc. / ServerView Agents for Windows
    V11.60.04 and earlier

CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N