PatchSiren cyber security CVE debrief
CVE-2026-27788 Fsas Technologies Inc. CVE debrief
A local privilege escalation vulnerability exists in ServerView Agents for Windows versions V11.60.04 and earlier. The issue stems from incorrect permission assignment for a critical resource (CWE-732), allowing a local authenticated attacker with login access to the affected server to obtain SYSTEM privileges. The vulnerability was published on June 1, 2026, and is rated HIGH severity with a CVSS score of 8.5. The vendor has been identified as FUJITSU based on the fsastech.com advisory reference, though vendor attribution carries low confidence and requires review. No known exploitation in ransomware campaigns has been reported, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Fsas Technologies Inc.
- Product: ServerView Agents for Windows
- CVSS: HIGH 8.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-01
- Original CVE updated: 2026-06-01
- Advisory published: 2026-06-01
- Advisory updated: 2026-06-01
Who should care
System administrators managing Windows servers with FUJITSU ServerView Agents installations, security teams responsible for privilege escalation monitoring, and organizations using PRIMERGY or other FUJITSU server infrastructure with ServerView management components.
Technical summary
The vulnerability is classified as CWE-732 (Incorrect Permission Assignment for Critical Resource). In ServerView Agents for Windows V11.60.04 and earlier, improper access controls on critical resources allow a locally authenticated attacker to escalate privileges to SYSTEM. The CVSS 4.0 vector indicates a local attack vector (AV:L), low attack complexity (AC:L), no attack requirements (AT:N), low privileges required (PR:L), and no user interaction (UI:N), with high impacts across confidentiality, integrity, and availability (VC:H/VI:H/VA:H). This represents a significant risk on multi-user or insufficiently hardened Windows servers where lower-privileged accounts may have login access.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor-provided patches or updates for ServerView Agents for Windows beyond V11.60.04 when available
- Review and restrict local user access to servers running affected ServerView Agents versions
- Audit local user accounts and privileges on systems hosting the affected product
- Monitor for anomalous privilege escalation attempts or unexpected SYSTEM-level process execution
- Verify file system permissions on critical resources used by ServerView Agents to ensure least privilege
- Subscribe to vendor security advisories for update notifications
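One way to carry out the file system permission check listed above, as an added example (not vendor or advisory code). The advisory does not name the affected resource, so the `$Root` path is a placeholder to replace with the actual install directory, and the list of trusted SIDs is an assumption to adjust to local policy.

```powershell
# Added example: report Allow ACEs that give write-type rights to principals
# other than SYSTEM, Administrators and TrustedInstaller (a CWE-732 style check).
param(
    # Placeholder path (assumption): point this at the real ServerView Agents directory.
    [string]$Root = 'C:\PLACEHOLDER\ServerViewAgents'
)

# Well-known SIDs treated as trusted here (assumption; adjust to local policy).
$Trusted = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow changing content, deleting, or rewriting the ACL or owner.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# ACEs can also carry raw generic bits: GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
$GenericMask = 0x10000000 -bor 0x40000000

function Get-RiskyAce {
    param([string]$Path)
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $Path"; return }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs (PropagationFlags bit 2) do not apply to this object itself.
        if (([int]$ace.PropagationFlags -band 2) -ne 0) { continue }
        if (([int]$ace.FileSystemRights -band ($WriteMask -bor $GenericMask)) -eq 0) { continue }
        # Compare by SID so localized or renamed group names do not slip through.
        try { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { $sid = $ace.IdentityReference.Value }
        if ($Trusted -contains $sid) { continue }
        [pscustomobject]@{
            Path      = $Path
            Identity  = $ace.IdentityReference.Value
            Sid       = $sid
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if (-not (Test-Path -LiteralPath $Root)) { throw "Path not found: $Root" }
$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
$items | ForEach-Object { Get-RiskyAce -Path $_.FullName } |
    Sort-Object Path, Identity | Format-Table -AutoSize
```

Any row naming a broad group such as Users, Authenticated Users or Everyone on a file or directory that a SYSTEM-level service loads or executes is a finding to review against the vendor's guidance.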
Evidence notes
Vendor identification relies on domain inference from the fsastech.com advisory URL (ref-5), which corresponds to FUJITSU's security advisory portal. The CVE description and CVSS vector (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) confirm local attack vector with low attack complexity, requiring local privileges but no user interaction, with high impact on confidentiality, integrity, and availability.
Official resources
The vulnerability was disclosed on 2026-06-01. Affected versions are ServerView Agents for Windows V11.60.04 and earlier. The issue was reported through JPCERT/CC and documented in JVN advisory JVN67883085.