Skip to main content

Ricoh/Konica Minolta Printer Drivers EUVDEUVD-2026-36701

| CVE-2026-50100 HIGH
Uncontrolled Search Path Element (CWE-427)
2026-06-15 jpcert GHSA-7c4j-4vwf-c9vr
8.5
CVSS 4.0 · Vendor: jpcert
Share

Severity by source

Vendor (jpcert) PRIMARY
8.5 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.8 HIGH

Local authenticated user (PR:L, AV:L) plants a driver file with no user interaction; vulnerable driver loads it as SYSTEM giving full C/I/A on the host with no scope change.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (jpcert).

CVSS VectorVendor: jpcert

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 15, 2026 - 10:31 vuln.today
CVSS changed
Jun 15, 2026 - 10:22 NVD
7.8 (HIGH) 8.5 (HIGH)

DescriptionCVE.org

Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker who can log in to a computer running an affected printer driver could elevate privileges by using a specially crafted driver.

AnalysisAI

Local privilege escalation in multiple Ricoh and Konica Minolta printer drivers on Windows hosts allows an authenticated low-privileged user to gain higher privileges by supplying a specially crafted driver component. The flaw is rooted in CWE-427 (Uncontrolled Search Path Element), and at time of analysis no public exploit identified at time of analysis. CVSS 4.0 of 8.5 reflects high confidentiality, integrity, and availability impact despite requiring local access.

Technical ContextAI

Printer drivers on Windows typically execute portions of their installation and update logic in the context of the print spooler service or other SYSTEM-level processes. CWE-427 (Uncontrolled Search Path Element) covers cases where a privileged process loads a DLL, executable, or driver component from a directory writable by a low-privileged user, or follows a search order that can be hijacked. In this case, both Ricoh and Konica Minolta ship multiple printer driver packages (per the CPE strings cpe:2.3:a:ricoh_company,_ltd.:multiple_printer_drivers and cpe:2.3:a:konica_minolta_japan,_inc.:multiple_printer_drivers) that resolve a driver-related path insecurely, allowing a planted 'crafted driver' to be loaded with elevated rights during driver install, update, or print job processing.

RemediationAI

Patch available per vendor advisory: update each affected Ricoh and Konica Minolta printer driver to the fixed build listed in https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000002 and https://www.konicaminolta.jp/business/support/important/260615_01_01.html, cross-checked against the JVN coordination notice at https://jvn.jp/en/jp/JVN55319858/. Until patched drivers are deployed, restrict standard users from writing to driver installation, spooler, and per-printer driver directories (lock down ACLs on %WINDIR%\System32\spool\drivers and any vendor-specific 'Driver' folders), disable Point and Print non-administrator driver installation via the Group Policy 'Limits print driver installation to Administrators' setting, and remove unused Ricoh/Konica Minolta print queues from shared endpoints - note that these controls will break self-service driver installs and may require help-desk involvement for legitimate printer setup. Monitor for unexpected DLLs or driver files appearing in driver search paths as a detective control.

Share

EUVD-2026-36701 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy