Improper File Access in SKYSEA Client View and SKYMEC IT Manager by Sky Co., LTD.
CVE-2026-39454

8.5HIGH

Key Information:

Vendor: Sky Co.,ltd.
Status: Skysea Client View; Skymec It Manager
Vendor: CVE Published:; 20 April 2026

🔔 Create Sky Co.,ltd. Vulnerability Alert

What is CVE-2026-39454?

The SKYSEA Client View and SKYMEC IT Manager software from Sky Co., LTD. suffer from improper file access permission settings in their installation directories. This vulnerability allows non-administrative users to exploit these permissions to manipulate and place arbitrary files within the software's installation folder. Consequently, this can lead to arbitrary code execution with administrative privileges, posing a significant security risk to affected systems.

Affected Version(s)

SKYMEC IT Manager Ver.2024.005.10a and earlier

SKYSEA Client View Ver.21.200.07j and earlier

References

https://www.skyseaclientview.net/news/260420_01/

https://jvn.jp/en/jp/JVN63376363/

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2026
Vulnerability Reserved
Apr 8, 2026

CVE-2026-39454 Data

JSON