Unquoted Windows Service Executable Path Vulnerability in IJ Scan Utility by Canon
CVE-2026-1585

8.4HIGH

Key Information:

Vendor

Canon Inc.

Status
Ij Scan Utility
Vendor
CVE Published:
26 February 2026

What is CVE-2026-1585?

A vulnerability in the IJ Scan Utility for Windows allows a local attacker to exploit an unquoted executable path in Windows services. This could enable them to execute malicious files with the privileges of the affected service, potentially compromising system security and integrity. Users of versions 1.1.2 to 1.5.0 must take immediate action to secure their systems against potential exploitation.

Affected Version(s)

IJ Scan Utility 1.1.2 <= 1.5.0

References

https://psirt.canon/advisory-information/cp2026-002/
vendor-advisory
https://canon.jp/support/support-info/260226vulnerability...
vendor-advisory
https://www.usa.canon.com/support/canon-product-advisorie...
vendor-advisory

CVSS V4

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.