HIGHCVE-2026-24466Published 2026-02-09Modified 2026-02-09CNA jpcert

CVE-2026-24466: Products provided by Oki Electric Industry Co

Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

CVSS v4.0: 8.4
Severity: HIGH
Fixed in: —
Affected Products: 3

Affected packages

Oki Electric Industry Co., Ltd. / See "References" section
See "References" section
Ricoh Company, Ltd. / See "References" section
See "References" section
Murata Machinery, Ltd. / See "References" section
See "References" section

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

oki.com
oki.com
jp.ricoh.com
muratec.jp
jvn.jp

Metrics