Description
The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer.
Published: 2026-03-25
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

The installer for OM Workspace (Windows Edition) versions 2.4 and earlier shears improper mechanisms for loading Dynamic Link Libraries, which permits attackers to introduce malicious DLLs that are executed with the privileges of the user running the installer. This flaw maps to CWE‑427 and can lead to full arbitrary code execution under the account that installs the software. The potential impact includes data theft, system compromise, or propagation of malware across the network. The vulnerability is limited to the installation process, though the code executed gains whatever privileges the installing user possesses.

Affected Systems

OM Digital Solutions Corporation’s OM Workspace (Windows Edition) is affected when its installer is used for version 2.4 or earlier. No additional sub‑products or version ranges are listed.

Risk and Exploitability

The CVSS score of 8.4 indicates a high severity due to the remote code execution capability. EPSS data is not available, and the vulnerability is not listed in CISA’s KEV catalog. The attack vector is inferred to be local or user‑level, requiring an attacker to deliver a malicious DLL to a machine where a user with installation privileges runs the installer. Successful exploitation would grant the attacker the same rights as the installing user.

Generated by OpenCVE AI on March 25, 2026 at 07:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website for an updated version of OM Workspace (Windows Edition) that addresses insecure DLL loading and install it immediately.
  • Ensure that any installer is obtained from a trusted source or verify its digital signature before execution.
  • If a patch or newer version is not yet available, do not run the installer from unverified locations and restrict installation rights to trusted administrators.

Generated by OpenCVE AI on March 25, 2026 at 07:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Insecure DLL Loading in OM Workspace (Windows Edition) Installer Allows Arbitrary Code Execution

Wed, 25 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Om Digital Solutions Corporation
Om Digital Solutions Corporation om Workspace (windows Edition)
Vendors & Products Om Digital Solutions Corporation
Om Digital Solutions Corporation om Workspace (windows Edition)

Wed, 25 Mar 2026 06:15:00 +0000

Type Values Removed Values Added
Description The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer.
Weaknesses CWE-427
References
Metrics cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Om Digital Solutions Corporation Om Workspace (windows Edition)
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-03-25T13:27:47.685Z

Reserved: 2026-03-12T02:02:31.345Z

Link: CVE-2026-26306

cve-icon Vulnrichment

Updated: 2026-03-25T13:27:27.199Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T06:16:28.000

Modified: 2026-03-25T15:41:33.977

Link: CVE-2026-26306

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T21:15:56Z

Weaknesses