{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26306", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-03-12T02:02:31.345Z", "datePublished": "2026-03-25T05:44:36.924Z", "dateUpdated": "2026-03-25T13:27:47.685Z"}, "containers": {"cna": {"affected": [{"vendor": "OM Digital Solutions Corporation", "product": "OM Workspace (Windows Edition)", "versions": [{"version": "Ver 2.4 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer."}], "problemTypes": [{"descriptions": [{"description": "Uncontrolled Search Path Element", "lang": "en-US", "cweId": "CWE-427", "type": "CWE"}]}], "references": [{"url": "https://support.jp.omsystem.com/en/support/imsg/digicamera/info/omws.html"}, {"url": "https://jvn.jp/en/jp/JVN19505323/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-03-25T05:44:36.924Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T13:27:23.553201Z", "id": "CVE-2026-26306", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T13:27:47.685Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26306", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-25T13:27:23.553201Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T13:27:27.199Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "OM Digital Solutions Corporation", "product": "OM Workspace (Windows Edition)", "versions": [{"status": "affected", "version": "Ver 2.4 and earlier"}]}], "references": [{"url": "https://support.jp.omsystem.com/en/support/imsg/digicamera/info/omws.html"}, {"url": "https://jvn.jp/en/jp/JVN19505323/"}], "descriptions": [{"lang": "en", "value": "The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-427", "description": "Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-03-25T05:44:36.924Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26306", "state": "PUBLISHED", "dateUpdated": "2026-03-25T13:27:47.685Z", "dateReserved": "2026-03-12T02:02:31.345Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-03-25T05:44:36.924Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer."}], "id": "CVE-2026-26306", "lastModified": "2026-03-25T15:41:33.977", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-03-25T06:16:28.000", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN19505323/"}, {"source": "vultures@jpcert.or.jp", "url": "https://support.jp.omsystem.com/en/support/imsg/digicamera/info/omws.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.4]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "OM Workspace (Windows Edition)", "source": "cna", "vendor": "OM Digital Solutions Corporation"}, "product": "om_workspace_(windows_edition)", "vendor": "om_digital_solutions_corporation"}], "analysis": {"en": {"generated_at": "2026-03-25T07:21:01.039930+00:00", "value": {"mitigation_remediation": ["Check the vendor\u2019s website for an updated version of OM Workspace (Windows Edition) that addresses insecure DLL loading and install it immediately.", "Ensure that any installer is obtained from a trusted source or verify its digital signature before execution.", "If a patch or newer version is not yet available, do not run the installer from unverified locations and restrict installation rights to trusted administrators."], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "OM Digital Solutions Corporation\u2019s OM Workspace (Windows Edition) is affected when its installer is used for version 2.4 or earlier. No additional sub\u2011products or version ranges are listed. ", "description_and_impact": "The installer for OM Workspace (Windows Edition) versions 2.4 and earlier shears improper mechanisms for loading Dynamic Link Libraries, which permits attackers to introduce malicious DLLs that are executed with the privileges of the user running the installer. This flaw maps to CWE\u2011427 and can lead to full arbitrary code execution under the account that installs the software. The potential impact includes data theft, system compromise, or propagation of malware across the network. The vulnerability is limited to the installation process, though the code executed gains whatever privileges the installing user possesses. ", "risk_and_exploitability": "The CVSS score of 8.4 indicates a high severity due to the remote code execution capability. EPSS data is not available, and the vulnerability is not listed in CISA\u2019s KEV catalog. The attack vector is inferred to be local or user\u2011level, requiring an attacker to deliver a malicious DLL to a machine where a user with installation privileges runs the installer. Successful exploitation would grant the attacker the same rights as the installing user. "}}}}, "created": "2026-03-25T11:35:40.161095+00:00", "title": "Insecure DLL Loading in OM Workspace (Windows Edition) Installer Allows Arbitrary Code Execution", "updated": "2026-03-25T21:15:56.547596+00:00", "vendors": ["om_digital_solutions_corporation", "om_digital_solutions_corporation$PRODUCT$om_workspace_(windows_edition)"]}