Description
Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker who can log in to a computer running an affected printer driver could elevate privileges by using a specially crafted driver.
Published: 2026-06-15
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in printer drivers supplied by Ricoh Company, Ltd. and Konica Minolta Japan, Inc. A specially crafted driver can be loaded by a user who has logged into the host. The flaw is a library path manipulation (CWE‑427) that bypasses the driver integrity checks, allowing the malicious driver code to run with system‑level privileges. This permits the attacker to execute arbitrary commands, alter system files, or install persistent backdoors.

Affected Systems

Affected systems include any computers that have installed the printer driver packages from either Ricoh or Konica Minolta. The vendors do not specify particular revisions; therefore all known printer driver releases from these companies are considered at risk until an official patch is applied.

Risk and Exploitability

The CVSS score of 8.5 classifies this flaw as high severity, indicating that exploitation would significantly increase an attacker’s privileges. The EPSS score is not available, so exploitation probability cannot be quantified from public data, and the vulnerability is not yet listed in CISA’s KEV catalog. Inferred from the description, the exploitation requires a user who can log into the affected machine; the attacker then deploys a malicious driver file which the operating system loads with elevated rights. Because the attack starts from a local session, protection measures that limit user ability to install or modify drivers are highly effective.

Generated by OpenCVE AI on June 15, 2026 at 11:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest driver update from Ricoh and Konica Minolta that resolves the privilege escalation flaw
  • If no patch is available, uninstall or disable the vulnerable driver and replace it with a non‑affected alternative
  • Limit user privileges so that only trusted administrators can install or update printer drivers
  • Monitor the system for unusual driver installation attempts or changes to driver configuration

Generated by OpenCVE AI on June 15, 2026 at 11:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 12:00:00 +0000

Type Values Removed Values Added
Title Printer Driver Privilege Escalation via Malicious Driver

Mon, 15 Jun 2026 10:00:00 +0000

Type Values Removed Values Added
Description Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker who can log in to a computer running an affected printer driver could elevate privileges by using a specially crafted driver.
Weaknesses CWE-427
References
Metrics cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-06-15T08:07:48.676Z

Reserved: 2026-06-09T04:19:48.755Z

Link: CVE-2026-50100

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-15T10:16:28.847

Modified: 2026-06-15T10:16:28.847

Link: CVE-2026-50100

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-15T12:00:09Z

Weaknesses
  • CWE-427

    Uncontrolled Search Path Element