CVE-2026-42936 PUBLISHED

Assigner: jpcert
Reserved: 10.07.2026 Published: 15.07.2026 Updated: 15.07.2026

The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.4

Product Status

Vendor SBI SECURITIES Co.,Ltd.
Product HYPER SBI 2
Versions Default: affected
  • affected from 0 to ver.3.20.0 (excl.)

References

Problem Types