Reflected Cross-Site Scripting in Ricoh Laser Printers and Multifunction Printers
CVE-2026-56809

5.1MEDIUM

Key Information:

Vendor

Ricoh Company, Ltd.

Status
Multiple Laser Printers And Mfps Which Implement Ricoh Web Image Monitor
Vendor
CVE Published:
30 June 2026

What is CVE-2026-56809?

Multiple Ricoh laser printers and multifunction printers utilizing the Ricoh Web Image Monitor are susceptible to a reflected cross-site scripting (XSS) vulnerability. This flaw allows attackers to execute arbitrary scripts in the web browser of users who access the Web Image Monitor interface. If exploited, this vulnerability could potentially compromise user data and lead to unauthorized actions taken on behalf of the user.

Affected Version(s)

Multiple laser printers and MFPs which implement Ricoh Web Image Monitor see the information provided by the vendor

References

https://www.ricoh.com/products/security/vulnerabilities/v...
https://jp.ricoh.com/security/products/vulnerabilities/vu...
https://jvn.jp/en/jp/JVN48718197/

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

CVSS V3.0

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.