Windows Service Vulnerability in Oki Electric and OEM Products
CVE-2026-24466

8.4HIGH

Key Information:

Vendor: Oki Electric Industry Co., Ltd.
Status: See "references" Section
Vendor: CVE Published:; 9 February 2026

🔔 Create Oki Electric Industry Co., Ltd. Vulnerability Alert

What is CVE-2026-24466?

Oki Electric Industry Co., Ltd. and its OEM partners, including Ricoh Co., Ltd. and Murata Machinery, have identified a vulnerability in their Windows services. The issue arises from the registration of services with unquoted file paths, which can be exploited by a user with write permissions on the root directory. This vulnerability allows the execution of arbitrary code with SYSTEM privileges, potentially compromising system security.

Affected Version(s)

See "References" section See "References" section

References

https://www.oki.com/jp/product_security/sa_2026_0001_en.html

https://www.oki.com/jp/printing/support/important-informa...

https://jp.ricoh.com/security/products/vulnerabilities/vu...

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 9, 2026
Vulnerability Reserved
Jan 23, 2026

CVE-2026-24466 Data

JSON