CVE-2026-28760
Deferred Deferred - Pending Action
DLL Search Order Hijacking in RATOC RAID Installer Enables Privileged Code Execution

Publication date: 2026-03-26

Last updated on: 2026-05-19

Assigner: JPCERT/CC

Description
The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-05-19
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-28760
EUVD
EUVD-2026-16125
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ratoc_systems ratoc_raid_monitoring_manager to 2.00.009.260220 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in RATOC RAID Monitoring Manager for Windows installer is a DLL hijacking issue. The installer searches the current directory to load certain DLL files. If an attacker can place a specially crafted malicious DLL in that directory, the installer will load it, leading to arbitrary code execution with administrator privileges.

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary code with administrator privileges on the affected system during the installation process. This means the attacker could potentially take full control of the system, compromising confidentiality, integrity, and availability of data and system resources.

Mitigation Strategies

To mitigate the vulnerability CVE-2026-28760 in RATOC RAID Monitoring Manager for Windows, users should update the software to the latest version provided by RATOC Systems, Inc.

This update addresses the DLL hijacking issue that allows arbitrary code execution with administrator privileges during installation.

Compliance Impact

The vulnerability CVE-2026-28760 allows arbitrary code execution with administrator privileges via DLL hijacking during installation. This can lead to unauthorized access or control over the affected system.

Such unauthorized access and potential data compromise could impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.

However, the provided information does not explicitly discuss the direct effects on compliance with these standards or regulations.

Detection Guidance

This vulnerability involves DLL hijacking during the installation of RATOC RAID Monitoring Manager for Windows, where the installer searches the current directory for DLLs. Detection involves checking for the presence of unexpected or crafted DLL files in the installer's directory before running the installer.

To detect potential exploitation or presence of crafted DLLs, you can:

  • Inspect the installation directory for any suspicious DLL files that are not part of the official installer package.
  • Use file integrity tools or checksums to verify the authenticity of DLL files in the installer's directory.
  • Monitor file system changes in the installer's directory to detect unexpected DLL creation or modification.

Example commands on a Windows system to check for suspicious DLLs in the install directory (replace <install_dir> with the actual path):

  • dir /b /a-d <install_dir>\*.dll
  • Get-FileHash <install_dir>\*.dll (PowerShell) to verify file hashes against known good values.
  • Use Sysinternals tools like Process Monitor to watch for DLL loading activities during installation.

Ultimately, updating to the latest version of RATOC RAID Monitoring Manager is the recommended mitigation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28760. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart