Description
The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.
Published: 2026-02-20
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution with administrative privileges via insecure DLL loading
Action: Immediate Patch
AI Analysis

Impact

An insecure DLL search path in the installer of the RICOH Journal Aggregation Tool allows an attacker to cause the installer to load a malicious DLL. This flaw can lead to execution of arbitrary code with full administrative rights on the affected machine. The weakness is a classic uncontrolled search path element (CWE-427).

Affected Systems

The vulnerability affects the installer of "ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール", a product of Ricoh Company, Ltd., in all releases before version 1.3.7. Upgrading to 1.3.7 or later removes the issue.

Risk and Exploitability

The CVSS score of 8.4 indicates high severity. The EPSS score of <1% suggests a low likelihood of exploitation at present, and the vulnerability is not currently listed in the CISA KEV catalog. The most likely attack vector is a local installation scenario where an attacker can run the installer with elevated privileges, causing the vulnerable DLL search to load a crafted library. If successful, the attacker gains full control of the system.

Generated by OpenCVE AI on April 17, 2026 at 17:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the RICOH Journal Aggregation Tool to version 1.3.7 or newer to eliminate the insecure DLL search path flaw.
  • Ensure that installers are obtained only from trusted sources and avoid running them from compromised or unverified locations.
  • Configure the system to enforce strict DLL search path policies (e.g., restrict to system directories) and monitor for unauthorized DLL loading during installation.


Advisories

No advisories yet.

History

Fri, 17 Apr 2026 17:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | DLL Search Path Manipulation in RICOH Journal Tool Enables Admin Code Execution |

Mon, 23 Feb 2026 15:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Ricoh; Ricoh jobblogging Aggregation Tool |
| Vendors & Products | | Ricoh; Ricoh jobblogging Aggregation Tool |

Fri, 20 Feb 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |

Fri, 20 Feb 2026 08:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges. |
| Weaknesses | | CWE-427 |
| References | | |
| Metrics | | cvssV3_0: {'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'} |
| | | cvssV4_0: {'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |

MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-02-20T13:45:42.678Z

Reserved: 2026-02-17T06:44:17.959Z

Link: CVE-2026-26050

Vulnrichment

Updated: 2026-02-20T13:45:35.588Z

NVD

Status: Deferred

Published: 2026-02-20T09:15:54.617

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-26050

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T17:30:23Z
