Soliton SecureWorkspace/SecureBrowser Privilege Escalation via Improper File Permissions (CVE-2026-27653)

Key Information Summary Date: February 27, 2026 Subject: Vulnerabilities in Soliton SecureWorkspace, Soliton SecureBrowser II (Windows Version), and Soliton SecureBrowser for OneGate (Windows Version) Affected Products and Versions Soliton SecureWorkspace: V1.4.8, released on February 20, 2026 Soliton SecureBrowser II (Windows Version): V2.0.15, released on February 20, 2026 Soliton SecureBrowser for OneGate (Windows Version): V1.0.1, released on February 27, 2026 Vulnerability Summary Type: Improper File Permission Settings (CWE-276) Identifiers: - JVN#41357120 - CVE-2026-27653 CVSS Scores: - SOLITS: CVSS:4.0 /AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 5.4 - Soliton SecureBrowser II (Windows Version): CVSS:3.0 /AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Base Score 6.7 Impact Privilege Escalation: Risk of executing arbitrary code with SYSTEM privileges Mitigation Measures Update Recommendation: It is strongly recommended to update to the following versions: - Soliton SecureWorkspace V1.4.8 - Soliton SecureBrowser II (Windows Version) V2.0.15 - Soliton SecureBrowser for OneGate (Windows Version) V1.0.1 Upgrade Considerations: If non-default installation paths are used, issues may arise during the update process. It is recommended to verify compatibility in a limited scope beforehand. Reporting and Acknowledgments Reporter: Kazuma Matsumoto, GMO Cyber Security by Yellara Co., Ltd. Acknowledgments: We thank the reporter for disclosing this vulnerability, which enabled timely updates and fixes to ensure software security.

Goal Reached Thanks to every supporter — we hit 100%!

Soliton SecureWorkspace/SecureBrowser Privilege Escalation via Improper File Permissions (CVE-2026-27653)