Cyber Resilience

CVE-2026-22888

Medium

Published: 02 February 2026

Published
02 February 2026
Modified
19 February 2026
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0002 6.3th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-22888 is a medium-severity Improper Handling of Extra Values (CWE-231) vulnerability in Cybozu Garoon. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 6.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-22888 is an improper input verification vulnerability affecting Cybozu Garoon versions 5.0.0 through 6.0.3. The issue, classified under CWE-231, allows unauthorized alteration of portal settings, which can potentially block user access to the product. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its impact on availability.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables the attacker to modify portal settings, leading to denial of service by blocking access to Garoon for legitimate users.

Mitigation details are provided in advisories from JVN (https://jvn.jp/en/jp/JVN35265756/) and Cybozu Knowledge Base (https://kb.cybozu.support/article/39083/), published around the CVE disclosure on 2026-02-02. Security practitioners should consult these for patch information and workarounds applicable to affected Garoon installations.

EU & UK References

Vulnerability details

Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct remote unauthenticated exploitation of public-facing Garoon web application to alter settings and cause availability impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

Affected Assets

cybozu
garoon
5.0.0 — 6.0.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the improper input verification vulnerability by requiring validation checks on inputs that could lead to unauthorized alteration of portal settings.

prevent

Requires timely identification, reporting, and correction of flaws like this improper input verification issue to prevent exploitation.

prevent

Restricts and authorizes changes to system components such as portal settings, mitigating unauthorized alterations even if input validation is bypassed.

References