CVE-2026-9258
Analyzed Analyzed - Analysis Complete

Improper SSH Host Key Validation in Canon EOS Network Setting Tool

Vulnerability report for CVE-2026-9258, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-16

Last updated on: 2026-06-18

Assigner: Canon Inc.

Description

Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-16
Last Modified
2026-06-18
Generated
2026-07-06
AI Q&A
2026-06-16
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
canon eos_network_setting_tool to 1.5.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-9258 is a vulnerability in Canon's EOS Network Setting Tool, specifically versions 1.5.0 and earlier. The issue involves improper validation of SSH host keys, which are used to establish secure connections. This flaw could allow an attacker to obtain authentication credentials used in FTP, FTPS, and SFTP communication test functions.

Detection Guidance

This vulnerability affects the EOS Network Setting Tool version 1.5.0 or earlier, included in EOS Utility versions 3.12.0 to 3.20.20 on Windows and macOS. Detection involves identifying if these vulnerable versions are present on your system.

To detect the presence of the vulnerable software, you can check the installed version of EOS Utility or EOS Network Setting Tool on your system.

  • On Windows, use PowerShell to check installed programs: Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*' | Where-Object { $_.DisplayName -like '*EOS Utility*' } | Select-Object DisplayName, DisplayVersion
  • On macOS, check the version of EOS Utility by running: /Applications/EOS\ Utility.app/Contents/Info.plist and inspecting the CFBundleShortVersionString key or use: mdls -name kMDItemVersion /Applications/EOS\ Utility.app

Network detection of exploitation attempts is not detailed in the provided information, and no specific commands for network scanning or detection of the vulnerability are given.

Impact Analysis

If exploited, this vulnerability could allow an attacker to steal authentication credentials for FTP, FTPS, and SFTP communications. This could lead to unauthorized access to sensitive data or systems that rely on these credentials for secure file transfers.

Mitigation Strategies

To mitigate the vulnerability CVE-2026-9258, users should update the EOS Utility software to the latest version.

  • Update EOS Utility to version 3.20.21 or later.
  • Ensure that the EOS Network Setting Tool version is later than 1.5.0, as versions 1.5.0 and earlier are vulnerable.
Compliance Impact

The vulnerability in the EOS Network Setting Tool could allow an attacker to obtain authentication credentials used in FTP, FTPS, and SFTP communication test functions. Exposure of such credentials may lead to unauthorized access to sensitive data, which could impact compliance with data protection regulations such as GDPR and HIPAA that require safeguarding authentication information and preventing unauthorized data access.

Therefore, failure to address this vulnerability by not updating to the latest software version may result in non-compliance with these standards due to potential data breaches or unauthorized access.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9258. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart