CVE-2026-28267

low-risk
Published 2026-03-10

Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user.

Do I need to act?

-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

References (6)

https://biz3.optim.co.jp/
https://jvn.jp/en/jp/JVN17307628/
https://sd.fjsd001.dfcenter.jp.fujitsu.com/portal/ja/kb/articles/windows%E3%81%A...
https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl&filename=informati...
https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl&filename=informati...
https://www.mobi-connect.net/file/ifilter/
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal