Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed to the same directory, an arbitrary code may be executed with the privilege of the user invoking EmoCheck.
AnalysisAI
DLL hijacking in JPCERT's Emocheck malware detection tool allows local code execution when malicious DLL placed in application directory. Unauthenticated attacker with local access can achieve arbitrary code execution at user privilege level by exploiting insecure library loading (CWE-427). User must invoke Emocheck executable with crafted DLL present. No public exploit identified at time of analysis. CVSS 7.8 indicates high severity requiring user interaction and local access.
Technical ContextAI
CWE-427 uncontrolled search path element vulnerability. Application fails to validate DLL load paths, enabling preloading attack vector. Exploits Windows DLL search order by placing malicious library in current working directory. CPE: cpe:2.3:a:japan_computer_emergency_response_team_coordination_center_(jpcert/cc):emocheck, affecting JPCERT/CC Emocheck utility.
RemediationAI
Upgrade to patched Emocheck version available from JPCERT/CC GitHub repository. Upstream fix available (PR/commit); released patched version not independently confirmed. Obtain latest release from https://github.com/JPCERTCC/EmoCheck/ and verify integrity before deployment. Until patched, run Emocheck only from trusted directories with verified file integrity, avoid executing from user-writable paths (Downloads, Temp), and implement application whitelisting to block unauthorized DLL loads. Organizational deployment should enforce read-only installation directories with elevated permissions required for modification. Official advisory: https://jvn.jp/en/jp/JVN00263243/ and https://www.jpcert.or.jp/press/2026/PR20260410.html. EPSS data unavailable for risk quantification.
Same weakness CWE-427 – Uncontrolled Search Path Element
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21316
GHSA-cvcj-h2fq-82fw