Response to Vulnerability Caused by Unquoted Windows Service Executable File Paths

February 9, 2026

Oki Electric Industry Co., Ltd.

Thank you for using our products.

Executive Summary

A vulnerability (CVE-2026-24466) has been identified in the utilities specified below, where the executable file paths for Windows services are not enclosed in quotation marks.

Vulnerability Severity

CVSS Version:v3.0

Base Score:Medium

Vector String:(CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/BS:6.7)

Affected Utilities

The affected utilities and versions are listed below.

Vulnerability Details

There is a risk that unauthorized files may be executed because Windows service executable file paths are not enclosed in quotation marks.

Countermeasures

This vulnerability can be addressed by updating the affected utilities to the fixed versions or by applying the provided patches.

Updating to Fixed Versions:

Please download the fixed versions of the relevant utilities from our website and update accordingly.

Applying Patches:

Please download and apply the appropriate patches for the affected utilities from our website.

Please note that updated versions of these utilities will also be released on our website at a later date.