Skip to main content

Emocheck CVE-2026-28704

| EUVDEUVD-2026-21316 HIGH
Uncontrolled Search Path Element (CWE-427)
2026-04-10 jpcert GHSA-cvcj-h2fq-82fw
8.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.4 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Apr 10, 2026 - 06:15 euvd
EUVD-2026-21316
Analysis Generated
Apr 10, 2026 - 06:15 vuln.today
CVE Published
Apr 10, 2026 - 05:49 nvd
HIGH 8.4

DescriptionCVE.org

Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed to the same directory, an arbitrary code may be executed with the privilege of the user invoking EmoCheck.

AnalysisAI

DLL hijacking in JPCERT's Emocheck malware detection tool allows local code execution when malicious DLL placed in application directory. Unauthenticated attacker with local access can achieve arbitrary code execution at user privilege level by exploiting insecure library loading (CWE-427). User must invoke Emocheck executable with crafted DLL present. No public exploit identified at time of analysis. CVSS 7.8 indicates high severity requiring user interaction and local access.

Technical ContextAI

CWE-427 uncontrolled search path element vulnerability. Application fails to validate DLL load paths, enabling preloading attack vector. Exploits Windows DLL search order by placing malicious library in current working directory. CPE: cpe:2.3:a:japan_computer_emergency_response_team_coordination_center_(jpcert/cc):emocheck, affecting JPCERT/CC Emocheck utility.

RemediationAI

Upgrade to patched Emocheck version available from JPCERT/CC GitHub repository. Upstream fix available (PR/commit); released patched version not independently confirmed. Obtain latest release from https://github.com/JPCERTCC/EmoCheck/ and verify integrity before deployment. Until patched, run Emocheck only from trusted directories with verified file integrity, avoid executing from user-writable paths (Downloads, Temp), and implement application whitelisting to block unauthorized DLL loads. Organizational deployment should enforce read-only installation directories with elevated permissions required for modification. Official advisory: https://jvn.jp/en/jp/JVN00263243/ and https://www.jpcert.or.jp/press/2026/PR20260410.html. EPSS data unavailable for risk quantification.

Share

CVE-2026-28704 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy