CVE-2026-27653 identifies a security vulnerability in Soliton Systems K.K.'s Soliton SecureBrowser for OneGate, specifically version 1.0.0. The root cause is incorrect default permissions set by the product's installers, which inadvertently grant excessive privileges to certain files or directories. This misconfiguration enables a local attacker with limited privileges to execute arbitrary code with SYSTEM-level privileges, effectively escalating their rights on the affected system. The vulnerability requires local access and user interaction, and the attack complexity is high, indicating that exploitation is not trivial but feasible under certain conditions. The CVSS 3.0 score of 6.7 reflects a medium severity level, with high impact on confidentiality, integrity, and availability. No known public exploits or patches are currently available, which increases the urgency for organizations to implement interim mitigations. The vulnerability affects only version 1.0.0 of the product, suggesting that newer versions may have addressed this issue or that a patch is forthcoming. The vulnerability was published on February 27, 2026, and assigned by JPCERT. Given the SYSTEM-level code execution potential, successful exploitation could allow attackers to fully compromise affected endpoints, install persistent malware, or disrupt operations.

The vulnerability poses a significant risk to organizations deploying Soliton SecureBrowser for OneGate, as it allows local attackers to gain SYSTEM-level privileges, the highest level of access on Windows systems. This can lead to full system compromise, including unauthorized access to sensitive data, modification or deletion of critical files, and disruption of services. The elevated privileges could also facilitate lateral movement within networks, increasing the scope of potential damage. Since exploitation requires local access and user interaction, insider threats or compromised user accounts are primary vectors. The absence of known exploits in the wild reduces immediate risk but does not eliminate it, as attackers could develop exploits once details become widely known. Organizations relying on this product for secure browsing or gateway access may face increased exposure to privilege escalation attacks, potentially undermining their security posture and compliance requirements.

Organizations should immediately audit the permissions set by the Soliton SecureBrowser for OneGate installers, particularly for version 1.0.0, and correct any overly permissive settings to restrict access to trusted administrators only. Until an official patch is released, consider deploying application whitelisting and endpoint detection and response (EDR) solutions to monitor and block unauthorized code execution attempts. Limit local user privileges wherever possible and enforce strict user account control policies to reduce the likelihood of successful exploitation. Conduct user training to raise awareness about the risks of executing untrusted installers or software. Additionally, isolate systems running the affected product from sensitive network segments to contain potential breaches. Maintain close communication with Soliton Systems K.K. for updates and apply patches promptly once available. Implement robust logging and monitoring to detect suspicious activities indicative of privilege escalation attempts.