2026-03-26 6:54 | CVE-2026-28760 | jpcert
PUBLISHED | 5.2 | CWE-427

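The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL in the same directory as the installer, arbitrary code may be executed with administrator privileges. The exposure is therefore at install time and depends on which other files are present in the directory the installer is launched from.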

Problem type

Affected products

RATOC Systems, Inc.

RATOC RAID Monitoring Manager for Windows

prior to 2.00.009.260220 - AFFECTED

References

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-28760
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-28760",
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "dateUpdated": "2026-03-26T14:17:16.467Z",
    "dateReserved": "2026-03-19T02:37:39.933Z",
    "datePublished": "2026-03-26T06:54:59.213Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert",
        "dateUpdated": "2026-03-26T06:54:59.213Z"
      },
      "descriptions": [
        {
          "lang": "en",
          "value": "The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege."
        }
      ],
      "affected": [
        {
          "vendor": "RATOC Systems, Inc.",
          "product": "RATOC RAID Monitoring Manager for Windows",
          "versions": [
            {
              "version": "prior to 2.00.009.260220",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en-US",
              "description": "Uncontrolled Search Path Element",
              "cweId": "CWE-427",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.ratocsystems.com/topics/userinfo/raidmanager202508/"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN08057419/"
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ],
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "baseScore": 7.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-03-26T14:17:16.467Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}