Description
beat-access for Windows version 3.0.3 and prior contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with SYSTEM privileges.
Published: 2026-01-27
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability arises from an insecure DLL search path in beat‑access for Windows version 3.0.3 and earlier, allowing an attacker to influence the dynamic link library that the application loads. If an attacker can place a malicious DLL in a directory that the application searches, the DLL will be loaded and executed with SYSTEM privileges, resulting in arbitrary code execution on the host system. This flaw is identified as CWE‑427.

Affected Systems

FUJIFILM Business Innovation Corp.'s beat‑access for Windows for all versions 3.0.3 and earlier are affected. No specific sub‑versions are listed beyond that threshold.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity, and the EPSS score of less than 1% suggests a very low current exploitation probability. Because the flaw permits execution with SYSTEM rights, the impact is significant if an adversary can supply a crafted DLL. No official KEV listing currently exists, so the vulnerability has not yet been identified as a known exploited issue in the CISA catalog. The likely attack vector requires an attacker to supply a DLL that the application will load, which could be achieved via social engineering, supply chain compromise or local code execution.

Generated by OpenCVE AI on April 18, 2026 at 02:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade beat‑access for Windows to a version newer than 3.0.3 that eliminates the insecure DLL search path.
  • If an upgrade is not immediately possible, disable the use of the current DLL search path by configuring Windows to require explicitly defined DLL locations or by setting the DLL search order to use only the application directory.
  • Apply application control such as AppLocker or Windows Defender Credential Guard to block unauthorized DLL execution within the beat‑access runtime environment.

Generated by OpenCVE AI on April 18, 2026 at 02:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 02:45:00 +0000

Type Values Removed Values Added
Title DLL Search Path Vulnerability Allowing Arbitrary Code Execution with SYSTEM Privileges

Tue, 27 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Fujifilm
Fujifilm beat-access For Windows
Vendors & Products Fujifilm
Fujifilm beat-access For Windows

Tue, 27 Jan 2026 05:30:00 +0000

Type Values Removed Values Added
Description beat-access for Windows version 3.0.3 and prior contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with SYSTEM privileges.
Weaknesses CWE-427
References
Metrics cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 5.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Fujifilm Beat-access For Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-01-27T20:50:14.682Z

Reserved: 2026-01-19T06:37:18.443Z

Link: CVE-2026-21408

cve-icon Vulnrichment

Updated: 2026-01-27T20:50:11.355Z

cve-icon NVD

Status : Deferred

Published: 2026-01-27T06:15:59.583

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-21408

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T02:30:15Z

Weaknesses