Insecure DLL Loading Vulnerability in EmoCheck by JPCERT
CVE-2026-28704

8.4HIGH

Key Information:

Vendor: Japan Computer Emergency Response Team Coordination Center (jpcert/cc)
Status: Emocheck
Vendor: CVE Published:; 10 April 2026

🔔 Create Japan Computer Emergency Response Team Coordination Center (jpcert/cc) Vulnerability Alert

What is CVE-2026-28704?

EmoCheck has a vulnerability that allows it to insecurely load Dynamic Link Libraries (DLLs) from its directory. Attackers can exploit this flaw by placing a malicious DLL file in the same directory, leading to arbitrary code execution with the privileges of the user running EmoCheck. This poses a significant risk, particularly if EmoCheck is executed with elevated privileges, allowing an attacker to perform unauthorized actions and compromise the integrity of the system.

Affected Version(s)

Emocheck all versions

References

https://www.jpcert.or.jp/press/2026/PR20260410.html

https://github.com/JPCERTCC/EmoCheck/

https://jvn.jp/en/jp/JVN00263243/

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2026
Vulnerability Reserved
Apr 3, 2026

CVE-2026-28704 Data

JSON