[Japanese]

JVNDB-2026-000003

RICOH Streamline NX vulnerable to improper authorization

Overview

RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability.
  • Improper authorization (CWE-639) - CVE-2026-21409
Ricoh Company, Ltd. reported this vulnerability to IPA to notify the users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 5.9 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


Ricoh Co., Ltd
  • Ricoh Streamline NX 3.5.1 to 24R3

Impact

If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by the product, the user's registration information and/or OIDC (OpenID Connect) tokens may be retrieved.
Solution

[Update the Software]
Update the software to the latest version according to the information provided by the developer.

[Apply the Workaround]
The developer recommends to apply the workaround until the affected product is updated.

For more details, refer to the information provided by the developer.
Vendor Information

Ricoh Co., Ltd
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2026-21409
References

  1. JVN : JVN#12770174
Revision History

  • [2026/01/09]
      Web page was published

Date Public2026/01/09
Date First Published2026/01/09
Date Last Updated2026/01/09