CVE-2026-9261 | HIGH | CNA: Canon

CVE-2026-9261: Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1

Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Metrics

CVSS v4.0: 7.6
Severity: HIGH
Fixed in: (no version listed)
Affected Products: 2

HarborGuard Analysis

Synopsis

Use of weak SSH cryptographic algorithms affects Canon EOS Network Setting Tool version 1.5.0 and earlier on both Windows and macOS. The tool negotiates SSH connections using cryptographically weak algorithms. The weakness is reachable over the network and requires no authentication from the attacker, but some form of user interaction is needed to trigger it. Successful exploitation allows an attacker to read and tamper with SSH session data, exposing confidential information and enabling modification of data in transit. No fix version has been published; HarborGuard tracks the advisory for patch availability.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built images that bundle the Canon EOS Network Setting Tool. Any image carrying an affected version of the tool surfaces immediately in the findings queue.

Triage: Available

HarborGuard scores this CVE at 7.6 HIGH using the CVSS v4.0 vector and weights the finding against each customer organization's compliance policy, routing the alert to the appropriate team inbox based on configured severity thresholds and asset classification.

Patch: Pending upstream

Because no upstream fix version has been published, HarborGuard re-checks the Canon advisory on every ingest cycle and will make a patched-image rebuild available the moment Canon releases a corrected version. In the interim, customers can apply compensating controls through HarborGuard's network-policy isolation recommendations for images carrying this tool.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the target service over the network; the tool exposes an SSH endpoint that is accessible remotely.

  • Authentication: Not required

    No credentials or prior account access are needed to initiate the attack against the weak SSH negotiation.

  • Victim interaction: Required

    A user must take some action, such as initiating or accepting an SSH connection, for the attacker to intercept or manipulate the session.

  • Attack complexity: Detail

    Exploitation requires specific environmental conditions, such as the ability to obtain a man-in-the-middle position or influence algorithm negotiation, making reliable exploitation dependent on network positioning.

Blast Radius

  • Reads confidential data transmitted over the SSH session, including credentials, commands, and any files transferred.
  • Modifies data in transit over the SSH connection, allowing the attacker to inject or alter commands and file contents.
  • Session confidentiality and integrity are fully compromised; an attacker with a successful interception position has high-fidelity access to the communication channel.

How HarborGuard Handles This

Available on HarborGuard: scanning for this CVE runs continuously against all registered images, with findings surfaced and scored at HIGH (7.6 CVSS v4.0). Because Canon has not published a fix for EOS Network Setting Tool 1.5.0 or earlier, no patched-image rebuild is available yet. HarborGuard re-checks the advisory on every ingest cycle and will trigger a rebuild and, for customers with auto-remediation enabled, open a regression-tested PR against affected workloads the moment an upstream fix is published. Until then, customers are advised to apply compensating controls: restrict network access to hosts running the EOS Network Setting Tool using container or host network policies, enforce egress filtering to limit SSH reachability, and where feasible disable or isolate the tool from untrusted network segments.
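
While no fixed version is available, one way to confirm what a host actually offers is to inspect the algorithm name-lists in its SSH key-exchange offer. The following is an added example, not HarborGuard or Canon code: it parses an SSH_MSG_KEXINIT payload (RFC 4253 section 7.1, packet length and padding already stripped) and reports deny-listed algorithms. The advisory does not name the weak algorithms, so the WEAK set, the field labels and the sample offer are assumptions constructed for illustration.

```python
import struct
SSH_MSG_KEXINIT = 20
# Name-lists in RFC 4253 section 7.1 order, after the type byte and 16-byte cookie.
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Assumption: the advisory names no algorithms; these are widely deprecated ones.
WEAK = {"diffie-hellman-group1-sha1", "diffie-hellman-group-exchange-sha1",
        "ssh-dss", "3des-cbc", "blowfish-cbc", "arcfour", "arcfour128",
        "arcfour256", "hmac-md5", "hmac-md5-96", "hmac-sha1-96"}

def parse_kexinit(payload: bytes) -> dict:
    """Return {field: [algorithm, ...]} from one SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, lists = 17, {}
    for name in FIELDS:
        if off + 4 > len(payload):
            raise ValueError(f"truncated before {name}")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError(f"name-list {name} overruns payload")
        raw = payload[off:off + n].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        off += n
    return lists

def weak_offers(lists: dict) -> dict:
    """Keep only the fields that offer a deny-listed algorithm."""
    hits = {f: [a for a in algs if a in WEAK] for f, algs in lists.items()}
    return {f: h for f, h in hits.items() if h}

def build_kexinit(lists: dict) -> bytes:
    """Encode a KEXINIT payload; used here only to construct the sample."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # zero cookie
    for name in FIELDS:
        data = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

# Constructed sample offer, not captured from the Canon tool.
SAMPLE = build_kexinit({
    "kex": ["curve25519-sha256", "diffie-hellman-group1-sha1"],
    "host_key": ["ssh-ed25519", "ssh-dss"],
    "enc_c2s": ["aes256-ctr", "3des-cbc"], "enc_s2c": ["aes256-ctr"],
    "mac_c2s": ["hmac-sha2-256", "hmac-md5"], "mac_s2c": ["hmac-sha2-256"],
    "comp_c2s": ["none"], "comp_s2c": ["none"]})
if __name__ == "__main__":
    print(weak_offers(parse_kexinit(SAMPLE)))
```

A field that appears in the result only shows the algorithm is offered; whether it is selected depends on the peer's own preference list.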

Affected packages
  • Canon Inc. / EOS Network Setting Tool for Windows
    1.5.0 or earlier
  • Canon Inc. / EOS Network Setting Tool for macOS
    1.5.0 or earlier
CVSS Vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N