CVE-2026-56437
Received Received - Intake

Pupsman DLL Search Path Vulnerability Leading to Privilege Escalation

Vulnerability report for CVE-2026-56437, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: JPCERT/CC

Description

Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-08
AI Q&A
2026-07-08
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
fuji_electric pupsman to 3.9.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an uncontrolled search path element issue found in Pupsman versions prior to 3.9.0. It occurs when a crafted DLL file is placed in the same folder as the affected installer. If the installer is then executed, the malicious DLL can be loaded and arbitrary code may be executed with SYSTEM privileges.

Impact Analysis

The impact of this vulnerability is that an attacker can execute arbitrary code with SYSTEM privileges on the affected system. This means the attacker could potentially take full control of the system, leading to unauthorized actions such as installing malware, stealing data, or disrupting system operations.

Compliance Impact

The vulnerability in Pupsman prior to version 3.9.0 allows arbitrary code execution with SYSTEM privileges if a crafted DLL is placed in the installer's folder. This could lead to unauthorized access or control over systems running the software.

Such unauthorized access and potential system compromise can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and secure system operations to prevent data breaches and unauthorized access.

Therefore, if exploited, this vulnerability could lead to violations of these regulations due to potential data exposure or system integrity loss.

Detection Guidance

This vulnerability involves a crafted DLL placed in the same folder as the Pupsman installer prior to version 3.9.0, which leads to arbitrary code execution with SYSTEM privileges when the installer is run.

To detect this vulnerability on your system, you should check the version of Pupsman installed and inspect the installation directory for any unexpected or suspicious DLL files.

  • On Windows, you can check the installed version of Pupsman via the Control Panel or by running: "wmic product where "name like '%Pupsman%'" get name, version"
  • Inspect the installation folder for suspicious DLLs using PowerShell: "Get-ChildItem -Path 'C:\Path\To\PupsmanInstaller' -Filter '*.dll' | Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-30) }" to find recently added DLLs.
  • Use antivirus or endpoint detection tools to scan the installation directory for malicious DLLs.
Mitigation Strategies

The primary mitigation step is to update Pupsman to version 3.9.0 or later, where this vulnerability has been fixed.

Until the update can be applied, ensure that the installation directory is secured and restrict write permissions to trusted users only to prevent placing malicious DLL files.

Avoid running the installer from untrusted locations or sources.

Regularly monitor and audit the installation folder for unauthorized files.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56437. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart