Canon EOS Network Setting Tool CVE-2026-9261

EUVD: EUVD-2026-37021 · HIGH
Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
2026-06-16 f98c90f0-e9bd-4fa7-911b-51993f3571fd GHSA-7f48-x95j-2r8c
7.6
CVSS 4.0 · Vendor: f98c90f0-e9bd-4fa7-911b-51993f3571fd

Severity by source

Vendor (f98c90f0-e9bd-4fa7-911b-51993f3571fd) PRIMARY
7.6 HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.8 MEDIUM

Network-path MitM against tool-initiated SSH; AC:H for crypto downgrade, UI:R because user must run the tool, PR:N, C/I high from session exposure, no availability impact.

CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVSS 4.0: AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (f98c90f0-e9bd-4fa7-911b-51993f3571fd).

CVSS Vector (Vendor: f98c90f0-e9bd-4fa7-911b-51993f3571fd)

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: P
Scope: X

Lifecycle Timeline

CVE Published
Jun 22, 2026 - 06:03 cve.org
HIGH 7.6
Analysis Generated
Jun 16, 2026 - 00:28 vuln.today

Description (CVE.org)

Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Analysis (AI)

Weak SSH cryptographic algorithms in Canon EOS Network Setting Tool version 1.5.0 and earlier allow network-adjacent attackers to undermine the confidentiality and integrity of SSH sessions used by the tool, per Canon PSIRT advisory CP2026-005. The CVSS 4.0 vector (AV:N/AC:H/UI:P/VC:H/VI:H) reflects high attack complexity and required user interaction, and there is no public exploit identified at time of analysis.

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Position on shared network with EOS user
Delivery: Wait for tool-initiated SSH session
Exploit: Force negotiation of weak cipher/KEX
Execution: Cryptanalyze or tamper with session traffic
Impact: Recover credentials or inject configuration

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the victim to actively initiate an SSH-backed configuration session from the Canon EOS Network Setting Tool (UI:P, user interaction needed) while the attacker is positioned on the network path between the tool and the camera so the weak algorithm can be negotiated or downgraded, and the attacker must execute a cryptographic attack against the legacy SSH primitive (AC:H). …

Risk Assessment: The CVSS 4.0 score of 7.6 (High) is tempered by AC:H and UI:P, which mean exploitation requires both elevated attack complexity and active user interaction - typically a user-initiated SSH session via the tool that the attacker can intercept or influence on the network path. …

Exploit Scenario: A photographer at an event uses the EOS Network Setting Tool over event Wi-Fi to configure a camera; an attacker on the same network performs an active man-in-the-middle and forces the SSH handshake to negotiate a weak cipher or KEX, then decrypts or tampers with the configuration session to recover Wi-Fi credentials, FTP upload tokens, or image metadata. No public exploit is identified at time of analysis, but the underlying weak-algorithm class has well-known cryptanalytic tooling.

Remediation: Patch available per vendor advisory: update the Canon EOS Network Setting Tool to the fixed version published in Canon PSIRT advisory CP2026-005 (https://psirt.canon/advisory-information/cp2026-005/) and the regional Canon support pages (canon.jp, canon-europe.com, usa.canon.com URLs above); the exact fixed build number is not included in the input data and should be taken from those advisories. …
