CVE-2026-41226
Open Redirect in Ricoh Web Image Monitor
Publication date: 2026-04-30
Last updated on: 2026-05-01
Assigner: JPCERT/CC
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ricoh | web_image_monitor | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an open redirect issue found in multiple Ricoh laser printers and multifunction printers that use the Ricoh Web Image Monitor. It allows attackers to create specially crafted URLs that redirect users to arbitrary websites.
When a user accesses such a malicious URL, they may be redirected without their knowledge, potentially leading them to phishing sites.
How can this vulnerability impact me?
The main impact of this vulnerability is that users of affected Ricoh printers may be redirected to malicious websites when clicking on specially crafted URLs.
This can lead to phishing attacks where attackers attempt to steal sensitive information or credentials by impersonating legitimate sites.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability can be mitigated by updating the Ricoh Web Image Monitor to the latest version provided by Ricoh.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The open redirect vulnerability in Ricoh Web Image Monitor could potentially lead to phishing attacks by redirecting users to arbitrary websites. Such phishing attacks may result in unauthorized access to sensitive personal or health information, which could impact compliance with standards like GDPR and HIPAA that require protection of personal data and safeguarding against unauthorized access.
However, the provided information does not explicitly describe the direct impact of this vulnerability on compliance with GDPR, HIPAA, or other common standards and regulations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying Ricoh laser printers and multifunction printers (MFPs) that implement the Ricoh Web Image Monitor on your network and testing for open redirect behavior via specially crafted URLs.
A practical approach is to scan your network for devices running the Ricoh Web Image Monitor service and then manually or programmatically test URLs that might trigger the open redirect.
For example, you can use tools like curl or wget to send a request with a crafted redirect parameter to a suspected Ricoh Web Image Monitor URL and inspect the response without following the redirect. The path and parameter name below are illustrative placeholders; this record does not name the affected endpoint or parameter.
- `curl -I "http://<printer-ip>/webimage_monitor?redirect=http://malicious.example.com"`
- `wget --max-redirect=0 "http://<printer-ip>/webimage_monitor?redirect=http://malicious.example.com"`
If the response is a 3xx status whose Location header points at the external host you supplied rather than at the device itself, the device is vulnerable.
Additionally, network scanning tools can be used to identify Ricoh devices by their service banners or fingerprints.
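As an added example that is not part of this record, the following Python (standard library only) classifies the HTTP response from such a probe the way a defender auditing a device would: a 3xx response whose resolved Location host differs from the device's own host is an open redirect, including protocol-relative and backslash forms that a naive string comparison misses. The path, parameter name and sample responses are constructed placeholders, not values from the Ricoh advisory.

```python
from urllib.parse import urlsplit, urljoin

REDIRECT_STATUSES = (301, 302, 303, 307, 308)

# Constructed sample responses as (requested URL, status, Location header).
# The path and query parameter are illustrative placeholders mirroring the
# curl/wget examples above, not values from the Ricoh advisory.
SAMPLE_RESPONSES = [
    ("http://192.0.2.10/webimage_monitor?redirect=http://attacker.example", 302, "http://attacker.example"),
    ("http://192.0.2.10/webimage_monitor?redirect=//attacker.example", 302, "//attacker.example"),
    ("http://192.0.2.10/webimage_monitor?redirect=/web/guest/en", 302, "/web/guest/en"),
    ("http://192.0.2.10/webimage_monitor?redirect=http://attacker.example", 200, None),
    ("http://192.0.2.10/webimage_monitor?redirect=http://attacker.example", 302, "http://192.0.2.10/login"),
]


def redirect_target_host(request_url: str, location: str) -> str:
    """Resolve a Location header as a browser would and return the host it lands on."""
    # Browsers treat backslashes as slashes in http(s) URLs, so "\\host" is
    # cross-site just like the protocol-relative "//host"; normalise before joining.
    resolved = urljoin(request_url, location.replace("\\", "/"))
    return urlsplit(resolved).hostname or ""


def is_open_redirect(request_url: str, status: int, location) -> bool:
    """True when the response sends the client to a host other than the device itself."""
    if status not in REDIRECT_STATUSES or not location:
        return False
    device_host = urlsplit(request_url).hostname or ""
    return redirect_target_host(request_url, location) != device_host


def classify(samples):
    """Label each sample 'open-redirect', 'same-host-redirect' or 'no-redirect'."""
    verdicts = []
    for url, status, location in samples:
        if status in REDIRECT_STATUSES and location:
            verdicts.append("open-redirect" if is_open_redirect(url, status, location) else "same-host-redirect")
        else:
            verdicts.append("no-redirect")
    return verdicts


if __name__ == "__main__":
    for (url, status, loc), verdict in zip(SAMPLE_RESPONSES, classify(SAMPLE_RESPONSES)):
        print(f"{status} Location={loc!r:<32} -> {verdict}")
```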