JVNDB-2026-005744

[Japanese]
JVNDB-2026-005744
Canon IJ Scan Utility registers Windows services with unquoted file paths
Overview
IJ Scan Utility provided by Canon Inc. contains the following vulnerability. Unquoted search path or element (CWE-428) - CVE-2026-1585 Canon Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 6.7 (Medium) [Other] Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality Impact: High Integrity Impact: High Availability Impact: High
Affected Products

Canon IJ Scan Utility Ver.1.1.2 to Ver.1.5.0

Impact
A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affected product is installed.
Solution
[Update the Software] Update the software to the latest version according to the information provided by the developer. For more information, refer to the information provided by the developer.
Vendor Information
Canon Canon Europe : CPE2026-002 - Vulnerability Remediation for IJ Scan Utility for Windows Canon Inc. : CP2026-002 Vulnerability Remediation for IJ Scan Utility for Windows Canon USA : CPA2026-002: Vulnerability Remediation for IJ Scan Utility for Windows
CWE (What is CWE?)
Unquoted Search Path or Element(CWE-428) [Other]
CVE (What is CVE?)
CVE-2026-1585
References
JVN : JVNVU#99676444
Revision History
[2026/03/04] Web page was published


Date Public	2026/03/03
Date First Published	2026/03/04
Date Last Updated	2026/03/04

Canon IJ Scan Utility registers Windows services with unquoted file paths