CVE-2026-41226
Received Received - Intake
Open Redirect in Ricoh Web Image Monitor

Publication date: 2026-04-30

Last updated on: 2026-05-01

Assigner: JPCERT/CC

Description
Open redirect vulnerability exists in Multiple laser printers and MFPs which implement Ricoh Web Image Monitor. When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-30
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-04-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-41226
EUVD
EUVD-2026-26314
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ricoh web_image_monitor *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The vulnerability can be mitigated by updating the Ricoh Web Image Monitor to the latest version provided by Ricoh.

Executive Summary

This vulnerability is an open redirect issue found in multiple Ricoh laser printers and multifunction printers that use the Ricoh Web Image Monitor. It allows attackers to create specially crafted URLs that redirect users to arbitrary websites.

When a user accesses such a malicious URL, they may be redirected without their knowledge, potentially leading them to phishing sites.

Impact Analysis

The main impact of this vulnerability is that users of affected Ricoh printers may be redirected to malicious websites when clicking on specially crafted URLs.

This can lead to phishing attacks where attackers attempt to steal sensitive information or credentials by impersonating legitimate sites.

Detection Guidance

This vulnerability can be detected by identifying Ricoh laser printers and multifunction printers (MFPs) that implement the Ricoh Web Image Monitor on your network and testing for open redirect behavior via specially crafted URLs.

A practical approach is to scan your network for devices running the Ricoh Web Image Monitor service and then manually or programmatically test URLs that might trigger the open redirect.

For example, you can use tools like curl or wget to send requests to suspected Ricoh Web Image Monitor URLs with crafted parameters to see if redirection occurs.

  • curl -I "http://<printer-ip>/webimage_monitor?redirect=http://malicious.example.com"
  • wget --max-redirect=0 "http://<printer-ip>/webimage_monitor?redirect=http://malicious.example.com"

If the response indicates a redirect to the arbitrary URL, the device is vulnerable.

Additionally, network scanning tools can be used to identify Ricoh devices by their service banners or fingerprints.

Compliance Impact

The open redirect vulnerability in Ricoh Web Image Monitor could potentially lead to phishing attacks by redirecting users to arbitrary websites. Such phishing attacks may result in unauthorized access to sensitive personal or health information, which could impact compliance with standards like GDPR and HIPAA that require protection of personal data and safeguarding against unauthorized access.

However, the provided information does not explicitly describe the direct impact of this vulnerability on compliance with GDPR, HIPAA, or other common standards and regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41226. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart