Cyber Resilience

CVE-2026-5397

Severity: High

Published: 15 April 2026
Modified: 17 April 2026
KEV Added: not listed
CVSS v3.1 score: 7.8 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS score: 0.0013 (2.6th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-5397 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in an Omron UPS management application (the vendor is inferred from the references, as NVD has not filed a CPE for this CVE). Its CVSS v3.1 base score is 7.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Hijack Execution Flow: DLL (T1574.001). EPSS ranks the CVE at the 2.6th percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2026-5397 is a CWE-427 vulnerability in the UPS (Uninterruptible Power Supply) management application. The root cause is improper permissions on the installation directory, which let a local user write a DLL into it. Because the service resolves DLLs that are missing from the system by searching the same directory as its executable during startup, a DLL planted there is loaded and executed with administrator privileges.

A local attacker with low privileges (PR:L) exploits the issue by placing a malicious DLL in the installation directory and waiting for the service to start; the attack complexity is rated high (AC:H). Successful exploitation runs the attacker's DLL with administrator privileges, giving high impact to confidentiality, integrity, and availability (C:H/I:H/A:H) with a changed scope (S:C), as reflected in the CVSS v3.1 base score of 7.8.

Omron has issued security advisory OMSR-2026-001 for this vulnerability, available in English at https://www.omron.com/global/en/inquiry/data/OMSR-2026-001_en.pdf and in Japanese at https://www.omron.com/jp/ja/inquiry/data/OMSR-2026-001_ja.pdf. Security practitioners should review the advisory for detailed mitigation and patching guidance.


Vulnerability details

It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is placed in the installation directory of this product, there is a possibility that the malicious DLL may be executed by exploiting the product’s behavior of loading missing DLLs from the same directory as the executable during service startup.

CWE(s): CWE-427 Uncontrolled Search Path Element

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1574.001 Hijack Execution Flow: DLL
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.

Why these techniques?

The vulnerability allows a low-privileged attacker to place a malicious DLL in the application's installation directory (because of weak directory permissions), and the service loads that DLL during startup, which directly enables DLL hijacking for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-57964 (shared CWE-427)
CVE-2024-57426 (shared CWE-427)
CVE-2025-21127 (shared CWE-427)
CVE-2024-57963 (shared CWE-427)
CVE-2019-25268 (shared CWE-427)
CVE-2024-9493 (shared CWE-427)
CVE-2026-23755 (shared CWE-427)
CVE-2026-2713 (shared CWE-427)
CVE-2024-29223 (shared CWE-427)
CVE-2026-40031 (shared CWE-427)

Affected Assets

Omron (vendor inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: CM-6 (Configuration Settings). Establishes secure configuration settings for file system permissions to prevent unauthorized writes to the UPS management application installation directory.

Prevent: AC-6 (Least Privilege). Enforces the principle of least privilege to restrict low-privileged local attackers from placing malicious DLLs in the installation directory.

Detect: Monitors software integrity in the installation directory to detect unauthorized modifications, such as placement of malicious DLLs, before service startup.
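The two preventive controls and the detective control above reduce to concrete checks an administrator can run on the host. The following PowerShell script is an added example, not code from this page or from Omron: it audits an installation directory of the kind described in the analysis for ACL entries that grant write, modify or full control to broad principals (Users, Authenticated Users, Everyone, INTERACTIVE), which is the permission defect behind this CWE-427 issue, and it inventories the DLLs present with their Authenticode signature status and SHA-256 hash so they can be compared against a baseline recorded on a known-good system. The install path, the baseline file format and the function names are assumptions; the real Omron installation directory is not named on the page.

```powershell
# Added example: audit an application install directory for the two conditions
# behind CVE-2026-5397-style DLL hijacking: (1) broad principals can write into
# the directory, and (2) DLLs are present that are unsigned or differ from a baseline.
# The default path is a placeholder; the real Omron UPS install path is not given here.
param(
    [string]$InstallDir  = 'C:\Program Files\ExampleVendor\ExampleUpsTool',  # placeholder
    [string]$BaselineCsv = ''   # optional CSV (columns Name,Sha256) from a known-good system
)

# Principals whose write access to an install directory is a hijacking risk.
$BroadPrincipals = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'Everyone',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights lets a low-privileged user drop or replace a DLL.
$WriteRights = [System.Security.AccessControl.FileSystemRights]::Write -bor
               [System.Security.AccessControl.FileSystemRights]::Modify -bor
               [System.Security.AccessControl.FileSystemRights]::FullControl -bor
               [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
               [System.Security.AccessControl.FileSystemRights]::WriteData

# Returns one object per Allow ACE that gives a broad principal write-class rights.
function Test-InstallDirAcl {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $WriteRights) -ne 0) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Lists every DLL under the directory with signature status, signer, hash and
# whether it matches the baseline (null when no baseline was supplied).
function Get-DllInventory {
    param([string]$Path, [hashtable]$Baseline)
    Get-ChildItem -Path $Path -Filter '*.dll' -Recurse -File | ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        $inBaseline = $null
        if ($Baseline) { $inBaseline = $Baseline.ContainsKey($_.Name) -and ($Baseline[$_.Name] -eq $hash) }
        [pscustomobject]@{
            Name       = $_.Name
            Signature  = $sig.Status     # 'Valid' is the expected state for vendor DLLs
            Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Sha256     = $hash
            InBaseline = $inBaseline
            Modified   = $_.LastWriteTimeUtc
        }
    }
}

# Load the baseline (assumed format: CSV with Name and Sha256 columns) if one was given.
$baseline = $null
if ($BaselineCsv -and (Test-Path -Path $BaselineCsv)) {
    $baseline = @{}
    Import-Csv -Path $BaselineCsv | ForEach-Object { $baseline[$_.Name] = $_.Sha256 }
}

Write-Host "== Weak ACL entries on $InstallDir =="
$weak = @(Test-InstallDirAcl -Path $InstallDir)
if ($weak.Count -eq 0) { Write-Host 'none' } else { $weak | Format-Table -AutoSize }

Write-Host '== DLL inventory =='
$inventory = @(Get-DllInventory -Path $InstallDir -Baseline $baseline)
$inventory | Format-Table Name, Signature, InBaseline, Modified -AutoSize

# Anything unsigned, with an invalid signature, or not matching the baseline needs review.
$suspect = $inventory | Where-Object { $_.Signature -ne 'Valid' -or $_.InBaseline -eq $false }
if ($suspect) {
    Write-Host '== Review: unsigned, invalid signature, or not in baseline =='
    $suspect | Format-Table Name, Signature, Signer, Sha256 -AutoSize
}
```

To produce the baseline, run `Get-DllInventory` on a freshly installed, patched system and pipe the result through `Select-Object Name, Sha256 | Export-Csv`; subsequent runs on production hosts then report any DLL that was added or changed, which is the state the detective control above is meant to catch before the service next starts. The ACL check deliberately ignores inherited entries only in the report column, not in the decision: an inherited write grant from a parent folder is just as exploitable as an explicit one.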

References

Omron security advisory OMSR-2026-001 (English): https://www.omron.com/global/en/inquiry/data/OMSR-2026-001_en.pdf
Omron security advisory OMSR-2026-001 (Japanese): https://www.omron.com/jp/ja/inquiry/data/OMSR-2026-001_ja.pdf