Executive Summary

CVE-2026-26306 is a vulnerability in the installer for OM Workspace (Windows Edition) version 2.4 and earlier. The issue is caused by the installer insecurely loading Dynamic Link Libraries (DLLs) due to improper control of the DLL search path (CWE-427). If a malicious DLL is placed in the same directory as the installer, the installer may load this malicious DLL instead of the legitimate one.

This flaw allows an attacker to execute arbitrary code with the same privileges as the user running the installer, potentially compromising the system.

Useful 0 Not Useful 0

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can allow an attacker to execute arbitrary code on your system with the privileges of the user running the OM Workspace installer. Since the installer insecurely loads DLLs, a malicious DLL placed alongside the installer can be loaded and executed.'}, {'type': 'paragraph', 'content': "The impact includes potential full compromise of your system under the user's privileges, which can lead to unauthorized access, data theft, or system manipulation."}, {'type': 'paragraph', 'content': "The attack requires local access and user interaction, meaning an attacker must trick you into placing the malicious DLL in the installer's directory and running the installer."}] [1, 2]

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by verifying the version of the OM Workspace installer present on your system. Specifically, check if the installer version is 2.4 or earlier, as these versions are affected.'}, {'type': 'paragraph', 'content': 'To verify the installer version, right-click the installer file (e.g., OWSetup_64bit.exe), select “Properties,” and then check the “Details” tab for the version information.'}, {'type': 'paragraph', 'content': "Since the vulnerability involves insecure loading of DLLs from the installer's directory, you should also inspect the directory containing the installer for any unexpected or suspicious DLL files that could be malicious."}, {'type': 'paragraph', 'content': 'There are no specific network detection commands or signatures provided in the available information.'}] [1, 2]

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, immediately update OM Workspace to the latest installer version provided by OM Digital Solutions Corporation, which addresses the DLL search path issue.

Remove any older installer files (version 2.4 or earlier) from your system to prevent accidental execution of vulnerable installers.

You can update OM Workspace via the Help menu within the application or by downloading and reinstalling the latest installer from the official OM Digital Solutions website.

Ensure that no malicious DLL files are present in the same directory as the installer before running it.

If further assistance is needed, contact OM Digital Solutions Customer Support Center.

Useful 0 Not Useful 0