Search
Find a vulnerability
Search criteria
3 vulnerabilities by OM Digital Solutions Corporation
JVNDB-2026-000040
Vulnerability from jvndb - Published: 2026-03-25 18:13 - Updated:2026-03-25 18:13
Severity
Summary
Installer of OM Workspace (Windows Edition) may insecurely load Dynamic Link Libraries
Details
OM Workspace provided by OM Digital Solutions Corporation is image editing software. Installer of OM Workspace (Windows Edition) contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
- Uncontrolled search path element (CWE-427) - CVE-2026-26306
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000040.html",
"dc:date": "2026-03-25T18:13+09:00",
"dcterms:issued": "2026-03-25T18:13+09:00",
"dcterms:modified": "2026-03-25T18:13+09:00",
"description": "OM Workspace provided by OM Digital Solutions Corporation is image editing software. Installer of OM Workspace (Windows Edition) contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/427.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eUncontrolled search path element (CWE-427) - CVE-2026-26306\u003c/li\u003e\u003c/ul\u003eKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with OM Digital Solutions Corporation under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000040.html",
"sec:cpe": {
"#text": "cpe:/a:misc:om_digitalsolutions_om_workspace_for_windows",
"@product": "OM Workspace (Windows Edition)",
"@vendor": "OM Digital Solutions Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000040",
"sec:references": [
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/jp/JVN19505323/index.html",
"@id": "JVN#19505323",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-26306",
"@id": "CVE-2026-26306",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of OM Workspace (Windows Edition) may insecurely load Dynamic Link Libraries"
}
CVE-2026-26306 (GCVE-0-2026-26306)
Vulnerability from nvd – Published: 2026-03-25 05:44 – Updated: 2026-03-25 13:27
VLAI
Summary
The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OM Digital Solutions Corporation | OM Workspace (Windows Edition) |
Affected:
Ver 2.4 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T13:27:23.553201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:27:47.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OM Workspace (Windows Edition)",
"vendor": "OM Digital Solutions Corporation",
"versions": [
{
"status": "affected",
"version": "Ver 2.4 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T05:44:36.924Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://support.jp.omsystem.com/en/support/imsg/digicamera/info/omws.html"
},
{
"url": "https://jvn.jp/en/jp/JVN19505323/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-26306",
"datePublished": "2026-03-25T05:44:36.924Z",
"dateReserved": "2026-03-12T02:02:31.345Z",
"dateUpdated": "2026-03-25T13:27:47.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26306 (GCVE-0-2026-26306)
Vulnerability from cvelistv5 – Published: 2026-03-25 05:44 – Updated: 2026-03-25 13:27
VLAI
Summary
The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OM Digital Solutions Corporation | OM Workspace (Windows Edition) |
Affected:
Ver 2.4 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T13:27:23.553201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:27:47.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OM Workspace (Windows Edition)",
"vendor": "OM Digital Solutions Corporation",
"versions": [
{
"status": "affected",
"version": "Ver 2.4 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T05:44:36.924Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://support.jp.omsystem.com/en/support/imsg/digicamera/info/omws.html"
},
{
"url": "https://jvn.jp/en/jp/JVN19505323/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-26306",
"datePublished": "2026-03-25T05:44:36.924Z",
"dateReserved": "2026-03-12T02:02:31.345Z",
"dateUpdated": "2026-03-25T13:27:47.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}