CVE-2026-9261
Description
Canon EOS Network Setting Tool versions ≤1.5.0 use weak SSH cryptographic algorithms, potentially exposing authentication credentials to network attackers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Canon EOS Network Setting Tool, versions 1.5.0 and earlier, uses weak SSH cryptographic algorithms during its FTP, FTPS, and SFTP communication test functionality. This weakness arises from the inclusion of outdated or insufficiently secure cipher suites and MAC algorithms, which can be exploited to compromise the confidentiality of the connection. The tool is bundled with EOS Utility versions 3.12.0 through 3.20.20 [1].
Exploitation
An attacker positioned on the network between the tool and a remote server (man-in-the-middle) could exploit the weak SSH algorithms to decrypt or intercept the authentication credentials transmitted during the test functions. The attack requires the user to initiate an FTP, FTPS, or SFTP test while the attacker is able to observe or manipulate the network traffic. No prior authentication to the tool is necessary; the vulnerability is in the handling of the test connections [1].
Impact
Successful exploitation allows the attacker to obtain the authentication credentials (username and password) used in the communication test function. This could lead to unauthorized access to the remote file server or to other systems where the same credentials are reused. The compromise affects the confidentiality of stored credentials and, if the attacker uses the credentials for further attacks, potentially integrity and availability as well [1].
Mitigation
Canon has released EOS Utility version 3.20.21, which includes an updated EOS Network Setting Tool that disables weak SSH cryptographic algorithms. Users should update to EOS Utility 3.20.21 or later. No workaround is provided; the only mitigation is to apply the patch. The affected versions are EOS Network Setting Tool 1.5.0 and earlier, bundled with EOS Utility 3.12.0 through 3.20.20 [1].
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: <=1.5.0
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (4)
News mentions (0)
No linked articles in our index yet.