CVE-2026-5397

Vulnerability Related to an Uncontrolled Search Path Element in a UPS Management Application

Assigner: OMRON
Reserved: 02.04.2026 Published: 15.04.2026 Updated: 15.04.2026

It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges.

If a malicious DLL is placed in the installation directory of this product, there is a possibility that the malicious DLL may be executed by exploiting the product’s behavior of loading missing DLLs from the same directory as the executable during service startup.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 7.8

Attack Vector	Local	Scope	Changed
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	OMRON SOCIAL SOLUTIONS CO., Ltd.
Product	PowerAttendant Standard Edition
Versions	Default: unaffected Version 2.1.2 or lower is affected

Vendor

OMRON SOCIAL SOLUTIONS CO., Ltd.

Product

PowerAttendant Standard Edition

Versions

Default: unaffected

Version 2.1.2 or lower is affected

References

Problem Types

CWE-427 Uncontrolled Search Path Element CWE

Impacts

CAPEC-471 Search Order Hijacking

CVE-2026-5397 PUBLISHED