CVE-2026-50255 | Incorrect default permissions issue exists in Optical Disc A… | CVSS 5.4 MEDIUM

Description

Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed with SYSTEM privileges.

Metadata

CVE ID: CVE-2026-50255
State: PUBLISHED
Assigner: jpcert
Reserved: 2026-06-09 00:32 UTC
Published: 2026-06-16 05:03 UTC
Last updated: 2026-06-16 12:34 UTC
Primary CWE: CWE-276
Incorrect default permissions
Vendor / Product: Sony Corporation / Optical Disc Archive Software for Windows
Sources: cve.org · NVD

Severity & Metrics

5.4 MEDIUM CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Sony Corporation	Optical Disc Archive Software for Windows	—	5.5.3 and earlier

Weakness (CWE)

CWE	Source	Description
CWE-276	cna	Incorrect default permissions

CVSS scores (2)

Score	Severity	Version	Source	Vector
6.7	MEDIUM	3.0	cna	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
5.4	MEDIUM	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References (2)