CVE-2026-23648
Published: 17 February 2026
Summary
CVE-2026-23648 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability affecting Glory Global (vendor inferred from references). Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique File System Permissions Weakness (T1044). The CVE ranks in the 5.2nd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and CM-6 (Configuration Settings).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Establishes and enforces secure configuration settings, including restrictive file permissions on root-executed system binaries to prevent modification by unprivileged local users.
Limits access to make changes to critical system components, directly preventing unprivileged users from replacing or modifying root binaries.
Monitors the integrity of software and firmware to identify unauthorized modifications to vulnerable system binaries with overly permissive permissions.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct mapping to File System Permissions Weakness (CWE-732) enabling binary replacement for local privilege escalation to root.
NVD Description
Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions. Several binaries executed by the root user are writable and executable by unprivileged local users. An attacker with local access can replace or modify these binaries to execute arbitrary commands with root privileges, enabling local privilege escalation.
Deeper analysis
CVE-2026-23648 is a local privilege escalation vulnerability in Glory RBG-100 recycler systems that use the ISPK-08 software component. The issue stems from multiple system binaries having overly permissive file permissions, where several binaries executed by the root user are writable and executable by unprivileged local users. This allows attackers with local access to replace or modify these binaries, as documented under CWE-732 (Incorrect Permission Assignment for Critical Resource). The vulnerability was published on 2026-02-17 with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker requires local access with low-privilege user rights (PR:L) to exploit this vulnerability, facing low complexity (AC:L) and no user interaction. Successful exploitation enables the execution of arbitrary commands with root privileges, granting high-impact control over confidentiality, integrity, and availability on the affected system.
Mitigation details are available in vendor and advisory resources, including the Glory Global website at https://www.glory-global.com/ and the VulnCheck advisory at https://www.vulncheck.com/advisories/glory-rbg-100-recycler-system-local-privilege-escalation-via-insecure-file-permissions.
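The following is an added example, not code from the vendor, NVD or the VulnCheck advisory: a Python audit of the kind CM-6 calls for, flagging executables that a non-trusted user could modify in place or replace through a writable parent directory. The directory names in `demo()` are constructed, because this page does not list the affected paths; on a real system, pass the directories that hold root-executed binaries to `audit_executables`.

```python
import os
import stat
import tempfile
WRITE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH

def audit_executables(roots, trusted_uids=frozenset({0})):
    """Return sorted (path, reasons) for executables a non-trusted user could alter."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            dst = os.stat(dirpath)
            # Writable dir without the sticky bit: entries can be renamed or unlinked.
            dir_open = (dst.st_uid not in trusted_uids or
                        (dst.st_mode & WRITE_BY_OTHERS and not dst.st_mode & stat.S_ISVTX))
            for name in files:
                path = os.path.join(dirpath, name)
                st = os.lstat(path)  # lstat: never follow symlinks
                if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
                    continue  # only regular files with an execute bit
                reasons = []
                if st.st_uid not in trusted_uids:
                    reasons.append("untrusted-owner")
                if st.st_mode & stat.S_IWGRP:  # conservative: the group may be trusted
                    reasons.append("group-writable")
                if st.st_mode & stat.S_IWOTH:
                    reasons.append("world-writable")
                if dir_open:
                    reasons.append("replaceable-via-directory")
                if reasons:
                    findings.append((path, reasons))
    return sorted(findings)

def demo():
    """Audit a constructed tree (made-up names), trusting the current uid as owner."""
    layout = {"ok/svc": (0o755, 0o755), "loose/svc": (0o755, 0o777),
              "drop/svc": (0o777, 0o755)}  # relative path: (dir mode, file mode)
    with tempfile.TemporaryDirectory() as top:
        for rel, (dmode, fmode) in layout.items():
            path = os.path.join(top, rel)
            os.makedirs(os.path.dirname(path))
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\n")
            os.chmod(path, fmode)
            os.chmod(os.path.dirname(path), dmode)
        found = audit_executables([top], trusted_uids={os.getuid()})
        return {os.path.relpath(p, top): r for p, r in found}

if __name__ == "__main__":
    print(demo())
```

The group-writable finding is deliberately conservative; review it against the actual group membership before treating it as exploitable.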
Details
- CWE(s)