CVE-2026-12602

UNKNOWN 0.0

Incorrect permissions in ArubaSign by Aruba

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, whereby the main executable and other programme files located in C:\Program Files have excessive permissions for the ‘Everyone’ group. This could allow an unprivileged user to replace the main executable and/or its components with a malicious file, thereby enabling the execution of arbitrary code. In the worst-case scenario, if the malicious code is executed with elevated privileges (such as those of Administrator or SYSTEM), the attacker could escalate privileges and gain full control of the system, compromising both security and data integrity.

CWE	CWE-276
Vendor	aruba
Product	arubasign
Published	Jun 22, 2026
Last Updated	Jun 22, 2026

Stay Ahead of the Next One

Get instant alerts for aruba arubasign

Be the first to know when new unknown vulnerabilities affecting aruba arubasign are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Aruba / ArubaSign

0 < 4.6.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

incibe.es: https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-permissions-arubasign-aruba

Credits

Andrea Intilangelo (acme)