CVE-2026-5397
DLL Hijacking via Improper Permissions in UPS Management App
Publication date: 2026-04-15
Last updated on: 2026-04-15
Assigner: OMRON Corporation
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability (CWE-427) exists in a UPS management application where improper permissions on the installation directory allow a malicious actor to place a malicious DLL file.
The product loads missing DLLs from its installation directory during service startup, so if a malicious DLL is placed there, it may be executed with administrator privileges.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to execute malicious code with administrator privileges on the affected system.
This can lead to full compromise of the system, including unauthorized access, data modification, or disruption of services.