Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege.
History

Fri, 10 Jul 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Fujielectric
Fujielectric pupsman
Vendors & Products Fujielectric
Fujielectric pupsman

Fri, 10 Jul 2026 01:15:00 +0000

Type Values Removed Values Added
Title DLL Search Path Exploit in Fuji Electric Pupsman Leads to System‑level Code Execution

Thu, 09 Jul 2026 16:15:00 +0000

Type Values Removed Values Added
Title DLL Search Path Manipulation Leading to System Privilege Escalation

Wed, 08 Jul 2026 15:45:00 +0000

Type Values Removed Values Added
Title DLL Search Path Manipulation Leading to System Privilege Escalation

Wed, 08 Jul 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 08 Jul 2026 05:45:00 +0000

Type Values Removed Values Added
Description Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege.
Weaknesses CWE-427
References
Metrics cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2026-07-08T04:38:08.120Z

Updated: 2026-07-08T13:00:01.648Z

Reserved: 2026-06-28T23:50:03.147Z

Link: CVE-2026-56437

cve-icon Vulnrichment

Updated: 2026-07-08T12:59:22.707Z

cve-icon NVD

No data.

cve-icon Redhat

No data.