Uncontrolled Search Path Vulnerability in Pupsman Software from Fuji Electric
CVE-2026-56437
8.4HIGH
What is CVE-2026-56437?
A security vulnerability exists in the Pupsman software developed by Fuji Electric, where an uncontrolled search path element allows an attacker to place a malicious DLL file in the same directory as the installer. If executed, this can lead to arbitrary code execution with SYSTEM privileges, posing significant risks to system integrity and security. Users are advised to update to Pupsman version 3.9.0 or later to mitigate this risk. More details can be found in the official documentation and security advisories.
Affected Version(s)
Pupsman prior to 3.9.0
References
CVSS V4
Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
CVSS V3.0
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
