CVE-2026-58315
Received Received - Intake

Cross-Site Request Forgery in SEIKO EPSON Web Config

Vulnerability report for CVE-2026-58315, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-07

Last updated on: 2026-07-07

Assigner: JPCERT/CC

Description

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-07
Last Modified
2026-07-07
Generated
2026-07-07
AI Q&A
2026-07-07
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
seiko_epson web_config *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a Cross-Site Request Forgery (CSRF) issue found in the Web Config interface of certain SEIKO EPSON printers and scanners. It allows an attacker to perform unintended operations by tricking a user who is logged into the Web Config system into visiting a malicious webpage.

If the user accesses such a malicious page while logged in, the attacker can change product settings without the user's consent.

Impact Analysis

The impact of this vulnerability is that an attacker could alter the settings of your Epson printer or scanner without your knowledge if you visit a malicious webpage while logged into the Web Config interface.

This could lead to unauthorized changes in device configuration, potentially disrupting normal operation or security settings.

However, Epson has not reported any active exploitation of this vulnerability so far.

Users are advised to mitigate risk by following security guidelines such as avoiding direct internet connections, using private IP addresses, logging out after administrative sessions, and avoiding suspicious online activities while logged in.

Mitigation Strategies

To mitigate the risk of the CSRF vulnerability in SEIKO EPSON Web Config, users should follow several security guidelines.

  • Avoid direct internet connections to the Web Config interface.
  • Use private IP addresses for accessing the Web Config.
  • Log out after completing administrative sessions.
  • Refrain from visiting suspicious or untrusted webpages while logged into the Web Config.

Additionally, users should refer to Epson's security guidebook for secure setup and operation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-58315. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart