CVE-2026-21409

Summary

Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by the product, the user's registration information and/or OIDC (OpenID Connect) tokens may be retrieved.

Affected Software

VendorProductVersion RangeStatus
Ricoh Company, Ltd.RICOH Streamline NX3.5.1 to 24R3affected

Weaknesses

  • CWE-639: Authorization bypass through user-controlled key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References