{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28760", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-03-19T02:37:39.933Z", "datePublished": "2026-03-26T06:54:59.213Z", "dateUpdated": "2026-03-26T14:17:16.467Z"}, "containers": {"cna": {"affected": [{"vendor": "RATOC Systems, Inc.", "product": "RATOC RAID Monitoring Manager for Windows", "versions": [{"version": "prior to 2.00.009.260220", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege."}], "problemTypes": [{"descriptions": [{"description": "Uncontrolled Search Path Element", "lang": "en-US", "cweId": "CWE-427", "type": "CWE"}]}], "references": [{"url": "https://www.ratocsystems.com/topics/userinfo/raidmanager202508/"}, {"url": "https://jvn.jp/en/jp/JVN08057419/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-03-26T06:54:59.213Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T14:16:40.619607Z", "id": "CVE-2026-28760", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T14:17:16.467Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28760", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-26T14:16:40.619607Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T14:17:07.038Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "RATOC Systems, Inc.", "product": "RATOC RAID Monitoring Manager for Windows", "versions": [{"status": "affected", "version": "prior to 2.00.009.260220"}]}], "references": [{"url": "https://www.ratocsystems.com/topics/userinfo/raidmanager202508/"}, {"url": "https://jvn.jp/en/jp/JVN08057419/"}], "descriptions": [{"lang": "en", "value": "The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-427", "description": "Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-03-26T06:54:59.213Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28760", "state": "PUBLISHED", "dateUpdated": "2026-03-26T14:17:16.467Z", "dateReserved": "2026-03-19T02:37:39.933Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-03-26T06:54:59.213Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege."}], "id": "CVE-2026-28760", "lastModified": "2026-03-26T15:13:15.790", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-03-26T07:16:20.030", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN08057419/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.ratocsystems.com/topics/userinfo/raidmanager202508/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.00.009.260220)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "RATOC RAID Monitoring Manager for Windows", "source": "cna", "vendor": "RATOC Systems, Inc."}, "product": "raid_monitoring_manager", "vendor": "ratocsystems"}], "analysis": {"en": {"generated_at": "2026-03-26T09:51:01.279834+00:00", "value": {"mitigation_remediation": ["Apply the latest vendor patch for RAID Monitoring Manager for Windows as released on the vendor\u2019s website.", "If no patch is available, run the installer from a secure, trusted directory and ensure that only authenticated DLLs are present before execution.", "Execute the installer with the minimum privileges required, avoiding administrator rights when possible to limit the impact of a potential DLL load.", "Deploy application whitelisting or enforce DLL signing validation to prevent the installation of untrusted modules."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary code execution with administrator privileges"}, "threat_synthesis": {"affected_systems": "RATOC Systems, Inc. produces the RAID Monitoring Manager for Windows. No specific versions are listed, so any version employing this installer logic is potentially vulnerable until the vendor releases a fix.", "description_and_impact": "The installer for RATOC RAID Monitoring Manager for Windows searches the current directory to load required DLLs. If a malicious DLL is placed in that directory, the installer will load it and execute arbitrary code at install time. This vulnerability allows an attacker to run code with administrator privileges, potentially compromising the entire system, exfiltrating data, or establishing persistence.", "risk_and_exploitability": "The CVSS base score of 8.4 indicates high severity. EPSS information is not provided, and the issue is not listed in any known exploited vulnerabilities catalog, suggesting limited or no widespread exploitation to date. The likely attack vector is local: an attacker must place a crafted DLL in the installation directory and run the installer on the target machine. Successful exploitation would run the malicious code with administrator rights, giving full control of the affected system."}}}}, "created": "2026-03-26T11:30:13.557207+00:00", "title": "Administrator Privilege DLL Loading Vulnerability in RATOC RAID Monitoring Manager Installer", "updated": "2026-03-26T12:08:19.239983+00:00", "vendors": ["ratocsystems", "ratocsystems$PRODUCT$raid_monitoring_manager"]}