[Japanese]

JVNDB-2026-000011

beat-access for Windows may insecurely load Dynamic Link Libraries

Overview

beat-access for Windows provided by FUJIFILM Business Innovation Corp. contains the following vulnerability which may lead to insecurely loading Dynamic Link Libraries.
  • Uncontrolled search path element (CWE-427) - CVE-2026-21408
Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.3 (High) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)
  • beat-access for Windows version 3.0.3 and prior

Impact

Arbitrary code may be executed with SYSTEM privileges.
Solution

[Update the Software]
Update the software to the latest version (Version 4.0.0 or later) according to the information provided by the developer.
Vendor Information

FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2026-21408
References

  1. JVN : JVN#03776126
  2. JVN : JVNTA#91240916
Revision History

  • [2026/01/27]
      Web page was published

Date Public2026/01/27
Date First Published2026/01/27
Date Last Updated2026/01/27