Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for OM Workspace (Windows Edition) by OM Digital Solutions Corporation

    JVNDB-2026-000040

    Vulnerability from jvndb - Published: 2026-03-25 18:13 - Updated:2026-03-25 18:13
    Severity
    Summary
    Installer of OM Workspace (Windows Edition) may insecurely load Dynamic Link Libraries
    Details
    OM Workspace provided by OM Digital Solutions Corporation is image editing software. Installer of OM Workspace (Windows Edition) contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
    • Uncontrolled search path element (CWE-427) - CVE-2026-26306
    Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with OM Digital Solutions Corporation under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000040.html",
      "dc:date": "2026-03-25T18:13+09:00",
      "dcterms:issued": "2026-03-25T18:13+09:00",
      "dcterms:modified": "2026-03-25T18:13+09:00",
      "description": "OM Workspace provided by OM Digital Solutions Corporation is image editing software. Installer of OM Workspace (Windows Edition) contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/427.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eUncontrolled search path element (CWE-427) - CVE-2026-26306\u003c/li\u003e\u003c/ul\u003eKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with OM Digital Solutions Corporation under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000040.html",
      "sec:cpe": {
        "#text": "cpe:/a:misc:om_digitalsolutions_om_workspace_for_windows",
        "@product": "OM Workspace (Windows Edition)",
        "@vendor": "OM Digital Solutions Corporation",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2026-000040",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/jp/JVN19505323/index.html",
          "@id": "JVN#19505323",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-26306",
          "@id": "CVE-2026-26306",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Installer of OM Workspace (Windows Edition) may insecurely load Dynamic Link Libraries"
    }

    CVE-2026-26306 (GCVE-0-2026-26306)

    Vulnerability from nvd – Published: 2026-03-25 05:44 – Updated: 2026-03-25 13:27
    VLAI
    Summary
    The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26306",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T13:27:23.553201Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T13:27:47.685Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OM Workspace (Windows Edition)",
              "vendor": "OM Digital Solutions Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver 2.4 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-25T05:44:36.924Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://support.jp.omsystem.com/en/support/imsg/digicamera/info/omws.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN19505323/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-26306",
        "datePublished": "2026-03-25T05:44:36.924Z",
        "dateReserved": "2026-03-12T02:02:31.345Z",
        "dateUpdated": "2026-03-25T13:27:47.685Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-26306 (GCVE-0-2026-26306)

    Vulnerability from cvelistv5 – Published: 2026-03-25 05:44 – Updated: 2026-03-25 13:27
    VLAI
    Summary
    The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26306",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T13:27:23.553201Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T13:27:47.685Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OM Workspace (Windows Edition)",
              "vendor": "OM Digital Solutions Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver 2.4 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-25T05:44:36.924Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://support.jp.omsystem.com/en/support/imsg/digicamera/info/omws.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN19505323/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-26306",
        "datePublished": "2026-03-25T05:44:36.924Z",
        "dateReserved": "2026-03-12T02:02:31.345Z",
        "dateUpdated": "2026-03-25T13:27:47.685Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }