Home
News & Events
News
Notice on potential impact of "Vulnerability leading...
27.01.2026

Notice on potential impact of "Vulnerability leading to leakage of Credential IDs and Personally Identifiable Information of Users" towards RICOH Streamline NX V3

Notice on potential impact of "Vulnerability leading to leakage of Credential IDs and Personally Identifiable Information of Users" towards RICOH Streamline NX V3

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.


Ricoh is aware of the reported "Vulnerability leading to Leak of Credential IDs and PII of Users" affecting RICOH Streamline NX V3.
During the authentication process of the RICOH Streamline NX PC Client, the system assigns a token to authenticate users.
An issue has been identified that using the token, together with other information could allow unauthorised access to user information.
Exploitation of this vulnerability requires an attack to intercept network data to obtain specific information.
If the communication uses unencrypted HTTP instead of HTTPS, and the network communication is intercepted, the following impacts may occur.

Confidentiality impact: Personal Identifiable Information
Integrity impact: Personal Identifiable Information and tokens can be retrieved and potentially used for malicious actions.
Availability impact: None.

  • Vulnerability Information ID : ricoh-2025-000011
  • Version: 1.01E
  • CVE ID(CWE ID) : CVE-2026-21409 (  CWE-639)
  • CVSSv3 base score: 5.9 MEDIUM

List1: Ricoh products and services affected by this vulnerability

Product/serviceLink to details
RICOH Streamline NX V3Affected. For details, please refer to the following URL

Contact
Please contact your local Ricoh representative or dealer if you have any queries.

Acknowledgement:
Ricoh would like to thank and acknowledge CYS DET PEN from Siemens for reporting this finding.

History:
2026-01-13T18:00:00+09:00 : 1.01E Updated vulnerability summary
2026-01-09T12:00:00+09:00 : 1.00E Initial public release

The distribution URL of this page: https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000011

empty
Please note that any copy or paraphrase of the text of this document that differs in content from the distribution URL link, or omits the URL, is an uncontrolled copy and may lack important information or contain factual errors.