CP2026-005 Multiple Vulnerabilities in EOS Network Setting Tool

CP2026-005 Multiple Vulnerabilities in EOS Network Setting Tool

June 15, 2026
Canon Inc.
 
 
Description
Multiple vulnerabilities have been identified in the EOS Network Setting Tool, which is included in the EOS Utility installer. If these vulnerabilities are exploited, authentication information used in the FTP/FTPS/SFTP communication test function could be obtained by a third party.
 
Affected Software
EOS Network Setting Tool Version 1.5.0 or earlier (for Windows and macOS), which is included in EOS Utility Versions 3.12.0 to 3.20.20 (inclusive).
 
Remediation
An updated version of the EOS Network Setting Tool that addresses these vulnerabilities is available from the websites of your local Canon sales representatives. We advise that our customers install the latest EOS Network Setting Tool and confirm that the following software version is installed:
 
EOS Network Setting Tool Version 1.5.1 or later (for Windows and macOS), which is included in EOS Utility Version 3.20.21 or later.
 
 
CVE/CVSS
CVE-2026-9258: Improper validation of SSH host keys in the EOS Network Setting Tool
  CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score: 7.1
  CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Base Score: 6.5
CVE-2026-9259: Improper validation of server certificates in the EOS Network Setting Tool
  CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score: 7.1
  CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Base Score: 6.5
CVE-2026-9260: Use of hard-coded cryptographic keys in the EOS Network Setting Tool
  CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score: 6.9
  CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score: 6.2
CVE-2026-9261: Use of weak SSH cryptographic algorithms in the EOS Network Setting Tool
  CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Base Score: 7.6
  CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Base Score: 6.8
CVE-2026-9262: Use of a non-secure protocol as the default FTP configuration in the EOS Network Setting Tool
  CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score: 7.1
  CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Base Score: 6.5