[Japanese]

JVNDB-2026-000040

Installer of OM Workspace (Windows Edition) may insecurely load Dynamic Link Libraries

Overview

OM Workspace provided by OM Digital Solutions Corporation is image editing software. Installer of OM Workspace (Windows Edition) contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
  • Uncontrolled search path element (CWE-427) - CVE-2026-26306
Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with OM Digital Solutions Corporation under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS v4 Severity
Base Metrics: 8.4 (High) [IPA Score]
  • Access Vector (AV): Local
  • Attack Complexity (AC): Low
  • Attack Requirements (AT): None
  • Privileges Required (PR): None
  • User Interaction (UI): Active
    • Vulnerable System Impact
  • Confidentiality Impact (VC): High
  • Integrity Impact (VI): High
  • Availability Impact (VA): High
    • Subsequent System Impact
  • Confidentiality Impact (SC): None
  • Integrity Impact (SI): None
  • Availability Impact (SA): None
Affected Products


OM Digital Solutions Corporation
  • OM Workspace (Windows Edition) Ver 2.4 and earlier

Impact

Arbitrary code may be executed with the privilege of the user invoking the installer.
Solution

[Use the latest installer]
Use the latest installer provided by OM Digital Solutions Corporation.
The developer has released the installer that contains a fix for this vulnerability.
Vendor Information

OM Digital Solutions Corporation
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2026-26306
References

  1. JVN : JVNTA#91240916
  2. JVN : JVN#19505323
Revision History

  • [2026/03/25]
      Web page was published

Date Public2026/03/25
Date First Published2026/03/25
Date Last Updated2026/03/25