Uncontrolled Search Path Vulnerability in Pupsman Software from Fuji Electric
CVE-2026-56437

8.4HIGH

Key Information:

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-56437?

A security vulnerability exists in the Pupsman software developed by Fuji Electric, where an uncontrolled search path element allows an attacker to place a malicious DLL file in the same directory as the installer. If executed, this can lead to arbitrary code execution with SYSTEM privileges, posing significant risks to system integrity and security. Users are advised to update to Pupsman version 3.9.0 or later to mitigate this risk. More details can be found in the official documentation and security advisories.

Affected Version(s)

Pupsman prior to 3.9.0

References

CVSS V4

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

CVSS V3.0

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.