CVE-2026-24016

The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN65211823/
https://www.fsastech.com/ja-jp/resources/security/2026/0121.html
https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-ISS-2026-012107-Security-Notice.pdf

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) El instalador de ServerView Agents para Windows proporcionado por Fsas Technologies Inc. puede cargar de forma insegura librerías de Enlace Dinámico. Se puede ejecutar código arbitrario con privilegios de administrador cuando se ejecuta el instalador.

24 Feb 2026, 15:21

Type	Values Removed	Values Added
References		() https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-ISS-2026-012107-Security-Notice.pdf -

21 Jan 2026, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-21 08:15

Updated : 2026-04-15 00:35

NVD link : CVE-2026-24016

Mitre link : CVE-2026-24016

CVE.ORG link : CVE-2026-24016

JSON object : View

Products Affected

No product.

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2026-24016", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-21T08:15:59.407", "references": [{"url": "https://jvn.jp/en/jp/JVN65211823/", "source": "vultures@jpcert.or.jp"}, {"url": "https://www.fsastech.com/ja-jp/resources/security/2026/0121.html", "source": "vultures@jpcert.or.jp"}, {"url": "https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-ISS-2026-012107-Security-Notice.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed."}, {"lang": "es", "value": "El instalador de ServerView Agents para Windows proporcionado por Fsas Technologies Inc. puede cargar de forma insegura librer\u00edas de Enlace Din\u00e1mico. Se puede ejecutar c\u00f3digo arbitrario con privilegios de administrador cuando se ejecuta el instalador."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "vultures@jpcert.or.jp"}