Skip to main content

Pupsman

2 CVEs product

Monthly

CVE-2026-57895 HIGH This Week

Local privilege escalation to SYSTEM in Fuji Electric Pupsman before version 3.9.0 allows a low-privileged local user to drop a malicious executable into the weakly-permissioned installation directory, which is then run with SYSTEM privileges for full arbitrary code execution. Reported through JPCERT/CC (JVN JVN62347140); no public exploit identified and no active exploitation is confirmed at time of analysis. The CVSS 4.0 base score is 8.5 (High), reflecting complete confidentiality, integrity, and availability impact despite the local attack vector.

Privilege Escalation RCE Pupsman
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-56437 HIGH This Week

Local privilege escalation to arbitrary code execution affects Fuji Electric's Pupsman UPS management software in all versions prior to 3.9.0, where the installer insecurely loads a DLL from its own directory. A local attacker who can drop a malicious DLL into the folder containing the installer can have it executed with SYSTEM privilege the next time the installer is run. No public exploit identified at time of analysis and the flaw is not in CISA KEV; exploitation requires local file placement plus a victim executing the installer (UI:A).

RCE Pupsman
NVD
CVSS 4.0
8.4
EPSS
0.1%
EPSS 0% CVSS 8.5
HIGH This Week

Local privilege escalation to SYSTEM in Fuji Electric Pupsman before version 3.9.0 allows a low-privileged local user to drop a malicious executable into the weakly-permissioned installation directory, which is then run with SYSTEM privileges for full arbitrary code execution. Reported through JPCERT/CC (JVN JVN62347140); no public exploit identified and no active exploitation is confirmed at time of analysis. The CVSS 4.0 base score is 8.5 (High), reflecting complete confidentiality, integrity, and availability impact despite the local attack vector.

Privilege Escalation RCE Pupsman
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Local privilege escalation to arbitrary code execution affects Fuji Electric's Pupsman UPS management software in all versions prior to 3.9.0, where the installer insecurely loads a DLL from its own directory. A local attacker who can drop a malicious DLL into the folder containing the installer can have it executed with SYSTEM privilege the next time the installer is run. No public exploit identified at time of analysis and the flaw is not in CISA KEV; exploitation requires local file placement plus a victim executing the installer (UI:A).

RCE Pupsman
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy