- Home
- 商品・サービスセキュリティ
- セキュリティ情報
- SA-2026-0001
商品・サービスセキュリティ
SA-2026-0001:Identified vulnerability of an unquoted service path in certain utilities for our printers and multifunction devices
Publication Date: February 9, 2026 Last Updated: February 9, 2026
Overview
A vulnerability (CVE-2026-24466) exists in certain Windows utilities provided for our printers and multifunction devices, where the executable path configured for a Windows service is not enclosed in quotation marks.
A local user with write permissions to the root of the system drive could execute arbitrary code with SYSTEM privileges.
CVE-2026-24466(CVSS3.0 Base score: 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CWE-428
Affected Products
The following Windows utilities are affected.
| Utility Name | Affected Version(s) |
|---|---|
| Configuration Tool |
2.0.1 and earlier 1.8.1 and earlier(Pro3 series) |
| smart Print Super Vision | 2.0.2 and earlier |
| Print Job Accounting | 4.4.13 and earlier |
| Print Job Accounting Lite | 4.4.13.2 and earlier |
| Web Driver Installer | 1.5.11 and earlier |
| Storage Device Manager | 3.0.0.1~3.2.0.0 |
| PDF Print Direct | 4.0.0~4.5.2 |
| Profile Assistant | 2.1.0~2.2.1 |
Solution
For detailed information, including available fixes and mitigation options, please refer to the following URL.
References
JVN#55395471
Acknowledgments
We thank Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. for discovering and reporting this vulnerability.
Revision History
February 9, 2026 Initial publication.
