Skip to main content

Pupsman EUVDEUVD-2026-42165

| CVE-2026-56437 HIGH
Uncontrolled Search Path Element (CWE-427)
2026-07-08 jpcert GHSA-jrgq-cr5h-83px
8.4
CVSS 4.0 · Vendor: jpcert
Share

Severity by source

Vendor (jpcert) PRIMARY
8.4 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.8 HIGH

Local DLL-planting with no prior privileges (PR:N) but requiring the victim to run the installer (UI:R); full SYSTEM-level compromise gives C/I/A:H, scope unchanged.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (jpcert).

CVSS VectorVendor: jpcert

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 08, 2026 - 06:24 vuln.today
CVSS changed
Jul 08, 2026 - 06:22 NVD
7.8 (HIGH) 8.4 (HIGH)

DescriptionCVE.org

Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege.

AnalysisAI

Local privilege escalation to arbitrary code execution affects Fuji Electric's Pupsman UPS management software in all versions prior to 3.9.0, where the installer insecurely loads a DLL from its own directory. A local attacker who can drop a malicious DLL into the folder containing the installer can have it executed with SYSTEM privilege the next time the installer is run. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local write access to installer folder
Delivery
Plant malicious DLL matching search path
Exploit
Victim runs Pupsman installer
Execution
Installer loads attacker DLL
Impact
Execute code as SYSTEM

Vulnerability AssessmentAI

Exploitation Requires (1) local write access to the exact folder where the Pupsman (pre-3.9.0) installer resides, allowing placement of a crafted DLL with the name the installer resolves, and (2) a user or administrator subsequently executing that installer (CVSS UI:A). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H) scores 8.4 and correctly captures the trade-off: high technical impact (full C/I/A on the vulnerable system, SYSTEM-level) but gated by local access and required user interaction - the victim must execute the installer from a directory the attacker has already written to. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with the ability to write to a shared directory or a user's Downloads folder plants a malicious DLL named to match one the Pupsman installer loads. When an administrator later runs the installer from that same folder, the planted DLL is loaded and executes attacker code with SYSTEM privilege. …
Remediation Upgrade to Pupsman 3.9.0 or later, which the vendor released to address this issue (Vendor-released patch: 3.9.0); consult the vendor page at https://www.fujielectric.co.jp/products/power_supply/ups/product_detail/software_pupsman.html and the JVN advisory https://jvn.jp/en/jp/JVN62347140/ for download details. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems running Pupsman prior to version 3.9.0 and restrict local administrator access; limit installer execution to authorized personnel only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42165 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy