CVE-2026-26306

| EUVD-2026-15190 HIGH
2026-03-25 jpcert GHSA-mc38-gw9c-q8f5
8.4
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Mar 25, 2026 - 06:15 euvd
EUVD-2026-15190
Analysis Generated
Mar 25, 2026 - 06:15 vuln.today
CVE Published
Mar 25, 2026 - 05:44 nvd
HIGH 8.4

Tags

RCE Microsoft Windows

Description

The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer.

Analysis

A DLL hijacking vulnerability exists in the installer for OM Workspace (Windows Edition) Ver 2.4 and earlier, allowing local attackers to execute arbitrary code with the privileges of the user running the installer. The vulnerability is reported by JPCERT and affects software from OM Digital Solutions Corporation. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Identify all systems running OM Workspace Ver 2.4 and earlier and restrict installer execution to trusted administrators only. Within 7 days: Disable or isolate OM Workspace installations where feasible, communicate patch timeline expectations to users, and implement application whitelisting on affected systems. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

42
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +42
POC: 0

Share

CVE-2026-26306 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy