Skip to main content

Ricoh Web Image Monitor EUVDEUVD-2026-26314

| CVE-2026-41226 MEDIUM
URL Redirection to Untrusted Site (Open Redirect) (CWE-601)
2026-04-30 jpcert
5.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

5
CVSS changed
Apr 30, 2026 - 07:22 NVD
6.1 (MEDIUM) 5.1 (MEDIUM)
Analysis Generated
Apr 30, 2026 - 06:48 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26314
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 06:08 nvd
MEDIUM 5.1

DescriptionCVE.org

Open redirect vulnerability exists in Multiple laser printers and MFPs which implement Ricoh Web Image Monitor. When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack.

AnalysisAI

Open redirect vulnerability in Ricoh Web Image Monitor affects multiple laser printers and multifunction printers, allowing unauthenticated remote attackers to redirect users to arbitrary websites via specially crafted URLs. Successful exploitation enables phishing attacks by deceiving users into visiting malicious sites while appearing to originate from trusted printer interfaces. No active exploitation has been confirmed, but the vulnerability requires only user interaction (clicking a malicious link) and affects all configurations by default.

Technical ContextAI

Ricoh Web Image Monitor is a web-based management interface commonly embedded in Ricoh laser printers and multifunction printers (MFPs). The vulnerability stems from improper validation of redirect parameters in the web application (CWE-601: URL Redirection to Untrusted Site). The affected component fails to validate or sanitize URL parameters used in redirect functions, allowing attackers to inject arbitrary URLs. When a user clicks a specially crafted link that references the Web Image Monitor with a malicious redirect parameter, the application forwards the request without verification, creating a trust-based attack vector that exploits users' confidence in their organization's printer interface.

RemediationAI

Apply the security patch released by Ricoh for Web Image Monitor. Visit the official Ricoh security vulnerability page (https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2026-000004) to download the latest firmware update for your specific printer model and firmware version. Installation typically requires administrative access to the printer's web interface and a device restart. For organizations unable to patch immediately, implement network-level controls: restrict access to the Web Image Monitor web interface using firewall rules or network segmentation, limiting exposure to trusted administrative networks only, and disable remote access if not required for business operations. Alternatively, configure the printer to reject or validate redirect parameters through any available security settings in the device configuration panel. User awareness training is essential: instruct users not to click links that reference the printer's Web Image Monitor unless directly typed or from official organizational communications, as the vulnerability exploits trust in the interface itself. These workarounds do not eliminate the vulnerability but reduce attack surface and user exposure.

CVE-2017-1000117 HIGH POC
8.8 Oct 05

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL ca

CVE-2024-52875 HIGH POC
8.8 Jan 31

GFI Kerio Control versions 9.2.5 through 9.4.5 contain an HTTP response splitting vulnerability in the dest parameter of

CVE-2016-5385 HIGH POC
8.1 Jul 19

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect

CVE-2013-2248 MEDIUM POC
5.8 Jul 20

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to

CVE-2012-6499 MEDIUM POC
5.8 Jan 12

Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows

CVE-2015-2863 MEDIUM POC
4.3 Jul 20

Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 b

CVE-2017-3528 MEDIUM POC
5.4 Apr 24

Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (li

CVE-2012-0518 MEDIUM
4.7 Oct 16

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3

CVE-2024-21641 MEDIUM POC
6.5 Jan 05

Flarum is open source discussion platform software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp

CVE-2015-5354 MEDIUM POC
5.8 Jul 01

Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites

CVE-2015-5461 MEDIUM POC
6.4 Jul 08

Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for

CVE-2024-22891 CRITICAL POC
9.8 Mar 01

Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link. Rated crit

Share

EUVD-2026-26314 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy