Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

1 vulnerability found for WPS Cloud by WPS

JVNDB-2026-000074

Vulnerability from jvndb - Published: 2026-05-14 16:16 - Updated:2026-05-14 16:16

Severity

7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

WPS Office improper access restriction to its named pipe

Details

WPS Office provided by WPS SOFTWARE PTE. LTD. contains a service program running background and providing certain functionalities to the other programs. This service program uses a named pipe to communicate with the other programs. The named pipe above is not properly protected and any non-administrative user can access it.

Exposed dangerous method or function (CWE-749) - CVE-2018-6400

MASAHIRO IIDA of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN14434132/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2018-6400
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	WPS	KINGSOFT PDF Pro
	WPS	WPS Cloud
	WPS	WPS Cloud Pro
	WPS	WPS Office2

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000074.html",
  "dc:date": "2026-05-14T16:16+09:00",
  "dcterms:issued": "2026-05-14T16:16+09:00",
  "dcterms:modified": "2026-05-14T16:16+09:00",
  "description": "WPS Office provided by WPS SOFTWARE PTE. LTD. contains a service program running background and providing certain functionalities to the other programs. This service program uses a named pipe to communicate with the other programs.\r\nThe named pipe above is not properly protected and any non-administrative user can access it.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/749.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://www.cve.org/CVERecord?id=CVE-2018-6400\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eExposed dangerous method or function (CWE-749) - CVE-2018-6400\u003c/li\u003e\u003c/ul\u003eMASAHIRO IIDA of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000074.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:wps:kingsoft_pdf_pro",
      "@product": "KINGSOFT PDF Pro",
      "@vendor": "WPS",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:wps:wps_cloud",
      "@product": "WPS Cloud",
      "@vendor": "WPS",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:wps:wps_cloud_pro",
      "@product": "WPS Cloud Pro",
      "@vendor": "WPS",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:wps:wps_office2",
      "@product": "WPS Office2",
      "@vendor": "WPS",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2026-000074",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN14434132/index.html",
      "@id": "JVN#14434132",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2018-6400",
      "@id": "CVE-2018-6400",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "WPS Office improper access restriction to its named pipe"
}