PT-2026-2058 · Ricoh · Ricoh Streamline Nx

Published: 2026-01-09 · Updated: 2026-01-09 · CVE-2026-21409

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: RICOH Streamline NX versions 3.5.1 through 24R3

Description: An improper authorization issue exists in the software. If a man-in-the-middle attack is performed on communication between the product and a user, and a specially crafted request is processed, a user’s registration information and/or OpenID Connect (OIDC) tokens may be obtained. OIDC is an authentication layer built on top of the OAuth 2.0 protocol, allowing users to grant websites or applications limited access to their information without exposing their credentials.

Recommendations: Versions 3.5.1 through 24R3 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

IDOR

Weakness Enumeration

Related Identifiers: CVE-2026-21409

Affected Products: Ricoh Streamline Nx