IP Setting Software CVE-2026-34488

| EUVD-2026-25194 HIGH
Uncontrolled Search Path Element (CWE-427)
2026-04-23 jpcert GHSA-j3m8-qm5j-mgwc
RCE
7.0
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

3
Re-analysis Queued
Apr 23, 2026 - 07:35 vuln.today
cvss_changed
CVSS changed
Apr 23, 2026 - 07:35 NVD
7.3 (HIGH) 7.0 (HIGH)
Analysis Generated
Apr 23, 2026 - 06:49 vuln.today

DescriptionNVD

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.

AnalysisAI

DLL hijacking in i-PRO Co., Ltd.'s IP Setting Software enables local attackers with low privileges to execute arbitrary code with administrative privileges when victims open the application. The vulnerability stems from insecure DLL search path handling (CWE-427), allowing attackers to plant malicious DLLs that load during software execution. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify and inventory all systems running i-PRO IP Setting Software; document current version numbers and deployment scope. Within 7 days: Restrict launch of the application to trusted administrators only via application whitelisting or group policy; disable auto-launch features if present. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-34488 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy