PatchSiren cyber security CVE debrief
CVE-2026-28267 Optim CVE debrief
CVE-2026-28267 documents improper file access permission settings across multiple i-フィルター (i-Filter) products, allowing non-administrative users to create or overwrite files in system and backup directories. The vulnerability is classified as CWE-276 (Incorrect Default Permissions) with a CVSS 4.0 base score of 6.8 (MEDIUM severity). The attack vector is local (AV:L), requires low attack complexity (AC:L), and low privileges (PR:L), with high impact to integrity (VI:H) but no confidentiality or availability impact. The CVE was published on March 10, 2026, and last modified on May 19, 2026. Multiple Japanese vendors appear affected based on reference links, including Optim (biz3.optim.co.jp), Fujitsu (sd.fjsd001.dfcenter.jp.fujitsu.com), DAJ (www.daj.jp), and Mobi-Connect (www.mobi-connect.net). The JVN advisory JVN17307628 provides coordinated disclosure. Vendor security advisories and patches were released around March 9, 2026. No known exploitation in ransomware campaigns has been reported, and the vulnerability is not listed in CISA KEV.
- Vendor
- Optim
- Product
- i-Filter
- CVSS
- MEDIUM 6.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-10
- Original CVE updated
- 2026-05-19
- Advisory published
- 2026-03-10
- Advisory updated
- 2026-05-19
Who should care
Organizations using i-Filter content filtering products from Japanese vendors including Optim, Fujitsu, DAJ, or Mobi-Connect; system administrators responsible for Windows-based content filtering deployments; security teams monitoring for local privilege escalation vectors; and compliance officers ensuring proper file system access controls on security infrastructure components.
Technical summary
The vulnerability stems from incorrect default file access permissions in i-Filter products, a category of content filtering software. Non-administrative users with local access can exploit weak permissions to create new files or overwrite existing files in sensitive directories including the system directory and backup directory. This integrity-only impact (VI:H) allows attackers to potentially modify critical application files, configuration data, or backup archives. The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N) indicates the attack requires local access and low privileges but no user interaction. Multiple Japanese vendors distribute affected i-Filter products, suggesting a common codebase or shared component with improper permission defaults. The March 2026 disclosure timeline aligns with coordinated vendor patch releases.
Defensive priority
medium
Recommended defensive actions
- Review i-Filter product installations for improper directory permissions on system and backup directories
- Apply vendor security updates released March 2026 from affected vendors (Optim, Fujitsu, DAJ, Mobi-Connect)
- Verify file system permissions restrict write access to administrative accounts only
- Monitor for unauthorized file creation in i-Filter installation directories
- Review JVN JVN17307628 advisory for vendor-specific mitigation guidance
- Validate backup directory permissions are properly restricted
- Consider application whitelisting or integrity monitoring for critical i-Filter system files
Evidence notes
Primary evidence from NVD modified feed with CVSS 4.0 vector. JPCERT/CC ([email protected]) provided references including JVN advisory and multiple vendor security notices. Vendor evidence includes Optim business portal, Fujitsu support portal, DAJ security information PDFs dated 20260309, and Mobi-Connect i-Filter download page. CVSS scoring indicates local attack with integrity impact. NVD status is 'Deferred' suggesting ongoing analysis.
Official resources
2026-03-10T17:38:38.227Z