CP2026-002 Vulnerability Remediation for IJ Scan Utility for Windows
February 26, 2026
Canon Inc.
Description
A vulnerability has been identified in IJ Scan Utility for Windows. This vulnerability occurs because the executable path of a Windows service is not enclosed in quotation marks. If the file path contains spaces, a local attacker could exploit this condition by leveraging a path with spaces, potentially allowing a malicious file to be executed with the privileges of the affected service.
Affected Products
IJ Scan Utility for Windows – Ver.1.1.2 through Ver.1.5.0 (inclusive)
Remediation
MP Drivers that include the updated software addressing this issue are available on the websites of your local Canon sales representatives. We advise that our customers install the latest MP Driver and confirm that the following software version is installed:
IJ Scan Utility for Windows – Ver.1.6.0 and higher
IJ Scan Utility for Windows – Ver.1.6.0 and higher
CVE/CVSS
| CVE-2026-1585: | An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows may allow a local attacker to execute a malicious file with the privileges of the affected service. |
| CVSS v4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score: 8.4 | |
| CVSS v3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.7 |
Thank you to EnivalChen for reporting this vulnerability.