CVE-2026-23648

Glory RBG-100 Recycler System Local Privilege Escalation via Insecure File Permissions

CVSS 8.5 HIGHEPSS 0.1%CWE-732

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.5EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

17 fev 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions. Several binaries executed by the root user are writable and executable by unprivileged local users. An attacker with local access can replace or modify these binaries to execute arbitrary commands with root privileges, enabling local privilege escalation.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

Glory Global Solutions · RBG-100

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.glory-global.com/https://www.vulncheck.com/advisories/glory-rbg-100-recycler-system-local-privilege-escalation-via-insecure-file-permissions