Description
The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege.
Published: 2026-03-26
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution with administrator privileges
Action: Immediate Patch
AI Analysis

Impact

The installer for RATOC RAID Monitoring Manager for Windows searches the current directory to load required DLLs. If a malicious DLL is placed in that directory, the installer will load it and execute arbitrary code at install time. This vulnerability allows an attacker to run code with administrator privileges, potentially compromising the entire system, exfiltrating data, or establishing persistence.

Affected Systems

RATOC Systems, Inc. produces the RAID Monitoring Manager for Windows. No specific versions are listed, so any version employing this installer logic is potentially vulnerable until the vendor releases a fix.

Risk and Exploitability

The CVSS base score of 8.4 indicates high severity. EPSS information is not provided, and the issue is not listed in any known exploited vulnerabilities catalog, suggesting limited or no widespread exploitation to date. The likely attack vector is local: an attacker must place a crafted DLL in the installation directory and run the installer on the target machine. Successful exploitation would run the malicious code with administrator rights, giving full control of the affected system.

Generated by OpenCVE AI on March 26, 2026 at 09:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch for RAID Monitoring Manager for Windows as released on the vendor’s website.
  • If no patch is available, run the installer from a secure, trusted directory and ensure that only authenticated DLLs are present before execution.
  • Execute the installer with the minimum privileges required, avoiding administrator rights when possible to limit the impact of a potential DLL load.
  • Deploy application whitelisting or enforce DLL signing validation to prevent the installation of untrusted modules.

Generated by OpenCVE AI on March 26, 2026 at 09:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title Administrator Privilege DLL Loading Vulnerability in RATOC RAID Monitoring Manager Installer

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Ratocsystems
Ratocsystems raid Monitoring Manager
Vendors & Products Ratocsystems
Ratocsystems raid Monitoring Manager

Thu, 26 Mar 2026 07:15:00 +0000

Type Values Removed Values Added
Description The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege.
Weaknesses CWE-427
References
Metrics cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Ratocsystems Raid Monitoring Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-03-26T14:17:16.467Z

Reserved: 2026-03-19T02:37:39.933Z

Link: CVE-2026-28760

cve-icon Vulnrichment

Updated: 2026-03-26T14:17:07.038Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-26T07:16:20.030

Modified: 2026-03-26T15:13:15.790

Link: CVE-2026-28760

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T12:08:19Z

Weaknesses