CVE-2026-20893
📋 TL;DR
An origin validation error in Fujitsu Security Solution AuthConductor Client Basic V2 allows attackers with local Windows login access to execute arbitrary code with SYSTEM privileges and/or modify registry values. This affects versions 2.0.25.0 and earlier. Attackers need initial access to the Windows system where the software is installed.
💻 Affected Systems
- Fujitsu Security Solution AuthConductor Client Basic V2
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full SYSTEM privilege compromise leading to complete host takeover, persistence establishment, and lateral movement capabilities.
Likely Case
Local privilege escalation from a standard user account to SYSTEM, enabling registry manipulation and arbitrary code execution.
If Mitigated
Limited impact if proper endpoint security controls prevent initial access and privilege escalation attempts.
🎯 Exploit Status
Requires authenticated Windows access. Exploitation likely involves manipulating origin validation to execute privileged operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to version after 2.0.25.0
Vendor Advisory: https://www.fmworld.net/biz/common/info/202601acc/
Restart Required: Yes
Instructions:
1. Download latest version from Fujitsu support portal. 2. Uninstall current version. 3. Install updated version. 4. Restart system.
🔧 Temporary Workarounds
Remove or disable software
windowsUninstall AuthConductor Client Basic V2 if not required
Control Panel > Programs > Uninstall a program > Select 'Fujitsu Security Solution AuthConductor Client Basic V2' > Uninstall
Restrict user privileges
windowsLimit standard user accounts to prevent exploitation
🧯 If You Can't Patch
- Implement strict endpoint security controls to detect privilege escalation attempts
- Segment networks to limit lateral movement from compromised systems
🔍 How to Verify
Check if Vulnerable:
Check installed version via Control Panel > Programs or registry: HKEY_LOCAL_MACHINE\SOFTWARE\Fujitsu\AuthConductor Client Basic V2Check Version:
reg query "HKLM\SOFTWARE\Fujitsu\AuthConductor Client Basic V2" /v VersionVerify Fix Applied:
Verify version is newer than 2.0.25.0 and check registry for unauthorized modifications📡 Detection & Monitoring
Log Indicators:
- Unexpected SYSTEM privilege processes spawned from AuthConductor
- Registry modification events in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Network Indicators:
- Unusual outbound connections from AuthConductor processes
SIEM Query:
process_name:"AuthConductor" AND parent_process_name:"services.exe" AND integrity_level:"SYSTEM"