VYPR
High severity · CVSS 7.8 · NVD Advisory · Published Mar 26, 2026 · Updated May 19, 2026

CVE-2026-28760

Description

The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, arbitrary code may be executed with administrator privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The installer of RATOC RAID Monitoring Manager for Windows contains an uncontrolled search path vulnerability that lets an attacker achieve arbitrary code execution with Administrator privileges.

Vulnerability

Description

The installer of RATOC RAID Monitoring Manager for Windows (versions prior to 2.00.009.260220) contains an uncontrolled search path element weakness (CWE-427) [1]. The installer searches the current directory for certain DLLs, so an attacker can plant a malicious DLL that the installer loads in its own execution context [1][2]. This is a classic binary planting vulnerability: the installer does not validate the directory from which it loads libraries.

Exploitation

Scenario

To exploit this vulnerability, an attacker must first trick a target user into placing a crafted DLL in the same directory as the installer [1]. When the user then runs the installer, it loads the attacker's DLL instead of the legitimate system library. No special privileges are required on the part of the attacker, and no authentication is needed beyond the user executing the installer [1]. The CVSS v3 base score is 7.8 (High), reflecting low attack complexity offset by the requirement for user interaction [1].

Impact

If the crafted DLL is successfully loaded, the attacker's code executes with Administrator privileges [1]. This enables full compromise of the affected system, including data exfiltration, malware installation, or further lateral movement within a network [1].

Mitigation

The vendor, RATOC Systems, has released version 2.00.009.260220 of the software, which fixes the uncontrolled search path issue [1][2]. Users should update to the latest version, following the instructions on the vendor's advisory page [2]. For those who cannot update immediately, the only practical workaround is to run the installer from a clean, trusted directory that contains no other files, rather than from a location such as a downloads folder where a planted DLL could sit beside it.
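The workaround above (run the installer only from a clean, trusted directory) can be made a repeatable check rather than a habit. The following PowerShell function is an added example, not code from the VYPR page or from RATOC: it warns if any DLL sits beside the downloaded installer, copies only the installer into a freshly created directory whose ACL allows writes by SYSTEM and Administrators only, verifies that directory holds exactly one file, and then launches the installer with that directory as its working directory. The staging root `C:\ProgramData\InstallerStaging` and the installer file name in the usage line are assumptions for illustration; the function expects to be run from an elevated session because it sets ACLs under ProgramData.

```powershell
# Added example (not from the VYPR page or RATOC): stage a downloaded installer
# into a fresh, empty, admin-only directory before running it, so that no DLL
# lying next to it (e.g. in Downloads) can be picked up through the
# current-directory DLL search described in CVE-2026-28760.
# $StagingRoot and the installer file name below are assumptions.

function Invoke-IsolatedInstaller {
    param(
        [Parameter(Mandatory)] [string] $InstallerPath,
        [string] $StagingRoot = 'C:\ProgramData\InstallerStaging'   # assumed location
    )

    if (-not (Test-Path -LiteralPath $InstallerPath -PathType Leaf)) {
        throw "Installer not found: $InstallerPath"
    }

    # Check 1: warn if DLLs already sit beside the installer; that is exactly
    # the planting condition the advisory describes.
    $sourceDir = Split-Path -LiteralPath $InstallerPath -Parent
    $strayDlls = Get-ChildItem -LiteralPath $sourceDir -Filter '*.dll' -File -ErrorAction SilentlyContinue
    if ($strayDlls) {
        Write-Warning ("DLLs found next to the installer in {0}: {1}" -f $sourceDir, ($strayDlls.Name -join ', '))
    }

    # Check 2: create a brand-new, empty staging directory and restrict its ACL
    # so that only SYSTEM and Administrators can write into it.
    $stageDir = Join-Path $StagingRoot ([guid]::NewGuid().ToString('N'))
    New-Item -ItemType Directory -Path $stageDir -Force | Out-Null

    $acl = Get-Acl -LiteralPath $stageDir
    $acl.SetAccessRuleProtection($true, $false)   # drop inherited (possibly permissive) ACEs
    foreach ($id in 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
        $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
            $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $stageDir -AclObject $acl

    # Copy only the installer itself, never the rest of the source directory.
    $installerName = Split-Path -Leaf $InstallerPath
    $staged = Join-Path $stageDir $installerName
    Copy-Item -LiteralPath $InstallerPath -Destination $staged

    # Check 3: the staging directory must contain exactly the one staged file.
    $contents = @(Get-ChildItem -LiteralPath $stageDir -Force)
    if ($contents.Count -ne 1 -or $contents[0].Name -ne $installerName) {
        throw "Staging directory is not clean: $stageDir"
    }

    # Run with the staging directory as the working directory, so a
    # current-directory DLL search can only ever see the installer's own file.
    Start-Process -FilePath $staged -WorkingDirectory $stageDir -Wait
}

# Usage (assumed file name; run from an elevated PowerShell session):
# Invoke-IsolatedInstaller -InstallerPath "$env:USERPROFILE\Downloads\RATOC_RAID_Monitoring_Manager_Setup.exe"
```

The function deliberately warns rather than aborts on stray DLLs in the source directory, because the copy step never carries them along; the hard stop is the third check, which refuses to launch if anything other than the single staged installer is present. Applying the update the vendor published remains the actual fix; this only removes the attacker-controlled directory from the picture while the old installer is still in use.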

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 2

News mentions: 0 (no linked articles in our index yet)