{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2998", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2026-02-23T01:38:28.970Z", "datePublished": "2026-02-23T02:42:30.294Z", "dateUpdated": "2026-02-23T13:31:55.139Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ERP F2", "vendor": "eAI Technologies", "versions": [{"status": "affected", "version": "0"}]}], "datePublic": "2026-02-23T02:35:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same directory as the program, thereby executing arbitrary code."}], "value": "ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same directory as the program, thereby executing arbitrary code."}], "impacts": [{"capecId": "CAPEC-471", "descriptions": [{"lang": "en", "value": "CAPEC-471 Search Order Hijacking"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2026-02-23T02:42:30.294Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-10722-db7cb-1.html"}, {"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/en/cp-139-10723-14549-2.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Please upgrade to ERP F10(PowerBuilder 2025 version)."}], "value": "Please upgrade to ERP F10(PowerBuilder 2025 version)."}], "source": {"advisory": "TVN-202602006", "discovery": "EXTERNAL"}, "title": "eAI Technologies\uff5cERP - DLL Hijacking", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-23T13:31:43.703834Z", "id": "CVE-2026-2998", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T13:31:55.139Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2998", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-23T13:31:43.703834Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T13:31:48.976Z"}}], "cna": {"title": "eAI Technologies\uff5cERP - DLL Hijacking", "source": {"advisory": "TVN-202602006", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-471", "descriptions": [{"lang": "en", "value": "CAPEC-471 Search Order Hijacking"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "eAI Technologies", "product": "ERP F2", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to ERP F10(PowerBuilder 2025 version).", "supportingMedia": [{"type": "text/html", "value": "Please upgrade to ERP F10(PowerBuilder 2025 version).", "base64": false}]}], "datePublic": "2026-02-23T02:35:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-10722-db7cb-1.html", "tags": ["third-party-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-10723-14549-2.html", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same directory as the program, thereby executing arbitrary code.", "supportingMedia": [{"type": "text/html", "value": "ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same directory as the program, thereby executing arbitrary code.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2026-02-23T02:42:30.294Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2998", "state": "PUBLISHED", "dateUpdated": "2026-02-23T13:31:55.139Z", "dateReserved": "2026-02-23T01:38:28.970Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2026-02-23T02:42:30.294Z", "assignerShortName": "twcert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same directory as the program, thereby executing arbitrary code."}, {"lang": "es", "value": "El ERP desarrollado por eAI Technologies tiene una vulnerabilidad de Secuestro de DLL, que permite a atacantes locales autenticados colocar un archivo DLL manipulado en el mismo directorio que el programa, ejecutando as\u00ed c\u00f3digo arbitrario."}], "id": "CVE-2026-2998", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2026-02-23T04:16:02.537", "references": [{"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/en/cp-139-10723-14549-2.html"}, {"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/tw/cp-132-10722-db7cb-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "ERP F2", "source": "cna", "vendor": "eAI Technologies"}, "product": "erp_f2", "vendor": "eai_technologies"}], "analysis": {"en": {"generated_at": "2026-04-17T16:23:21.161415+00:00", "value": {"mitigation_remediation": ["Upgrade the ERP application to version ERP F10 (PowerBuilder 2025) as specified by the vendor.", "Configure the application directory so that only privileged users have write permission, preventing ordinary users from dropping DLL files there.", "Enable operating\u2011system features such as code signing enforcement or runtime DLL path validation to ensure that only trusted libraries are loaded by the application."], "summary": {"action": "Immediate Patch", "impact": "Local Authorized Code Execution"}, "threat_synthesis": {"affected_systems": "The flaw has been identified in eAI Technologies' ERP F2 product. The vendor\u2019s fix is released in ERP F10 (the PowerBuilder 2025 version). No other products or versions are currently listed as affected.", "description_and_impact": "An authenticated local user can place a malicious DLL in the directory where the eAI Technologies ERP F2 application resides, causing the program to load the crafted library and execute arbitrary code. The vulnerability is a classic DLL hijacking flaw, allowing the attacker to gain the same privileges as the running process.", "risk_and_exploitability": "The CVSS score of 8.5 classifies the vulnerability as High severity, reflecting the significant impact of arbitrary code execution on confidentiality, integrity, and availability. The EPSS score indicates a very low probability of exploitation (<1%), and the vulnerability is not listed in the CISA KEV catalogue. The attack vector is inferred to be local authenticated access, as the description specifies that an authenticated, local attacker can place a crafted DLL in the program directory."}}}}, "created": "2026-02-23T14:28:21.928809+00:00", "updated": "2026-04-17T16:30:05.830387+00:00", "vendors": ["eai_technologies", "eai_technologies$PRODUCT$erp_f2"]}