CVE-2026-1585

Published: Feb 27, 2026Modified: Mar 3, 2026

8.4

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd (Secondary)

Description

An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service.

Related CWEs

CWE-428

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (4)

https://canon.jp/support/support-info/260226vulnerability-response

Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd

https://psirt.canon/advisory-information/cp2026-002/

Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd

https://www.canon-europe.com/support/product-security/

Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd

https://www.usa.canon.com/support/canon-product-advisories/CPA2026-002-Vulnerability-Remediation-for-IJ-Scan-Utility-for-Windows

Source: f98c90f0-e9bd-4fa7-911b-51993f3571fd

Timeline

No history available yet.