- Home
- お問い合わせ
- 商品・サービスセキュリティ
- セキュリティ情報
- SA-2026-0001_en
商品・サービスセキュリティ
SA-2026-0001:Identified vulnerability of an unquoted service path in certain utilities for our printers and multifunction devices
Publication Date: February 9, 2026 Last Updated: February 12, 2026
Overview
A vulnerability (CVE-2026-24466) exists in certain Windows utilities provided for our printers and multifunction devices, where the executable path configured for a Windows service is not enclosed in quotation marks.
A local user with write permissions to the root of the system drive could execute arbitrary code with SYSTEM privileges.
CVE-2026-24466(CVSS3.0 Base score: 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CWE-428
Affected Products
The following Windows utilities are affected.
| Utility Name | Affected Version(s) |
|---|---|
| Configuration Tool |
2.0.1 and earlier 1.8.1 and earlier(Pro3 series) |
| smart Print Super Vision | 2.0.2 and earlier |
| Print Job Accounting | 4.4.13 and earlier |
| Print Job Accounting Lite | 4.4.13.2 and earlier |
| Web Driver Installer | 1.5.11 and earlier |
| Storage Device Manager | 3.0.0.1~3.2.0.0 |
| PDF Print Direct | 4.0.0~4.5.2 |
| Profile Assistant | 2.1.0~2.2.1 |
Solution
For detailed information, including available fixes and mitigation options, please refer to the following URL.
- OKI(Japan)
- OKI Europe(Europe)
- OKI Data (Singapore)
- OKI Systems (Thailand)
- OKI Systems Korea(Korea)
- OKI Data (Australia)
- OKI Data Americas(United States,Other Americas)
- OKI Data Americas(Other Latin America)
- OKI Data Americas(Brazil)
References
Acknowledgments
We thank Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. for discovering and reporting this vulnerability.
Revision History
February 12, 2026 Solution and References updated. February 9, 2026 Initial publication.
