CVE-2026-21409
BaseFortify
Publication date: 2026-01-09
Last updated on: 2026-01-09
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ricoh | streamline_nx | From 3.5.1 (inc) to 24R3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper authorization issue in RICOH Streamline NX versions 3.5.1 to 24R3. It occurs when a man-in-the-middle (MITM) attack is performed on the communication between the product and its user. If the attacker sends a crafted request that the product processes, they may be able to retrieve the user's registration information and/or OpenID Connect (OIDC) tokens. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information such as user registration details and OIDC tokens. This can compromise user accounts and potentially allow attackers to impersonate users or gain unauthorized access to systems relying on these tokens, impacting confidentiality and security. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users should update RICOH Streamline NX to the latest version provided by Ricoh. Until an update is applied, it is recommended to apply the workaround detailed in Ricoh's advisories and official communications. [1]