CVE-2026-24466 is a vulnerability identified in Windows services installed by products from Oki Electric Industry Co., Ltd. and its OEM partners such as Ricoh Co., Ltd. and Murata Machinery, Ltd. The root cause is the registration of Windows services with unquoted file paths. In Windows, if a service path contains spaces and is not enclosed in quotes, the system may interpret the path incorrectly, potentially executing malicious executables placed in certain locations along the path. Specifically, if a user has write permissions on the root directory of the system drive (commonly C:\), they can place a malicious executable that will be executed with SYSTEM privileges when the service starts or restarts. This vulnerability requires the attacker to have local access with elevated privileges to write to the root directory but does not require user interaction to exploit once the malicious file is placed. The impact includes full compromise of the system’s confidentiality, integrity, and availability due to SYSTEM-level code execution. The CVSS 3.0 score of 6.7 reflects a medium severity, considering the attack vector is local, requires privileges, and no user interaction is needed. No public exploits have been reported yet, but the vulnerability poses a significant risk if leveraged. The affected products include various Oki Electric Industry devices and their OEM variants, which are used in enterprise and industrial environments. The vulnerability highlights the importance of secure service path configuration and strict file system permissions to prevent privilege escalation attacks.

For European organizations, exploitation of CVE-2026-24466 could lead to complete system compromise on affected devices, allowing attackers to execute arbitrary code with SYSTEM privileges. This could result in unauthorized data access, modification, or destruction, disruption of critical services, and potential lateral movement within networks. Organizations in sectors such as manufacturing, government, and enterprise IT that deploy Oki, Ricoh, or Murata machinery and devices are particularly at risk. The vulnerability could undermine trust in critical infrastructure and lead to operational downtime or data breaches. Given the medium CVSS score and the requirement for local elevated access, the threat is moderate but significant in environments where internal threat actors or compromised accounts exist. The absence of known exploits in the wild reduces immediate risk but does not eliminate the potential for future attacks. European organizations must be vigilant, especially those with complex supply chains and OEM equipment from the affected vendors.

1. Immediately audit and restrict write permissions on the root directory of the system drive (e.g., C:\) to prevent unauthorized users from placing executables. 2. Apply vendor patches or updates as soon as they become available to ensure service paths are correctly quoted. 3. Conduct a thorough inventory of all Oki Electric Industry, Ricoh, and Murata Machinery devices and software in use to identify vulnerable systems. 4. Implement application whitelisting and endpoint protection solutions that can detect and block unauthorized service modifications or suspicious executable placements. 5. Regularly monitor Windows service configurations for unquoted paths and remediate any found instances proactively. 6. Employ least privilege principles to limit user permissions, especially on critical system directories. 7. Use security auditing tools to detect attempts to write to the system drive root or modify service configurations. 8. Educate system administrators about the risks of unquoted service paths and the importance of secure service registration practices.