CVE-2026-56809
Received Received - Intake

Reflected XSS in Ricoh Web Image Monitor

Publication date: 2026-06-30

Last updated on: 2026-06-30

Assigner: JPCERT/CC

Description
Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the web browser of the user who accesses Web Image Monitor.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-30
Last Modified
2026-06-30
Generated
2026-06-30
AI Q&A
2026-06-30
EPSS Evaluated
N/A
NVD
CVE-2026-56809
EUVD
EUVD-2026-40255

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
ricoh web_image_monitor *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a reflected cross-site scripting (XSS) issue found in multiple Ricoh laser printers and multifunction printers (MFPs) that use the Ricoh Web Image Monitor interface.

It allows an attacker to execute arbitrary scripts in the web browser of a user who accesses the Web Image Monitor, potentially leading to unauthorized actions or data exposure within the user's browser session.

Impact Analysis

The vulnerability can impact you by enabling attackers to run malicious scripts in your web browser when you access the Ricoh Web Image Monitor.

This could lead to theft of sensitive information, session hijacking, or unauthorized actions performed on your behalf within the printer's web interface.

Since the vulnerability requires user interaction (accessing the Web Image Monitor), the risk depends on user behavior and exposure.

Mitigation Strategies

To mitigate this reflected cross-site scripting vulnerability in Ricoh Web Image Monitor, users are advised to update their Web Image Monitor software to the latest version provided by Ricoh.

Applying the official updates will address the vulnerability and reduce the risk of arbitrary script execution in users' web browsers.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56809. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart