CVE-2026-42936
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-42936, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-15

Last updated on: 2026-07-15

Assigner: JPCERT/CC

Description

The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-15
Last Modified
2026-07-15
Generated
2026-07-15
AI Q&A
2026-07-15
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
sbi_securities hyper_sbi to 3.20.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

Check for the presence of HYPER SBI 2 installer versions before 3.20.0 in your system. Inspect directories where the installer is stored for unexpected DLL files that may have been placed there maliciously.

Executive Summary

This vulnerability involves the HYPER SBI 2 installer loading Dynamic Link Libraries (DLLs) insecurely. If a malicious DLL is placed in the same directory as the installer, it could execute arbitrary code with the user's privileges when the installer runs.

Impact Analysis

An attacker could exploit this to run malicious code on your system with your user privileges. This could lead to unauthorized access, data theft, or further compromise of your device.

Compliance Impact

This vulnerability could lead to unauthorized access or data breaches, which may violate GDPR or HIPAA requirements for data protection and security. Compliance could be impacted if sensitive data is exposed.

Mitigation Strategies

Update HYPER SBI 2 to version 3.20.0 or later. Remove any unknown or suspicious DLL files from directories where the installer is located. Only download installers from the official SBI SECURITIES website.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42936. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart