Ricoh Issues Alert for Printer Vulnerability Allowing Phishing Redirects
AI-generated from multiple sources. Verify before acting on this reporting.
TOKYO — Ricoh Company, Ltd. has acknowledged a security vulnerability in its laser printers and multifunction peripherals (MFPs) that could allow attackers to redirect users to malicious websites. The flaw, identified as CVE-2026-41226, affects devices running Ricoh Web Image Monitor software and poses a risk of phishing attacks globally.
The vulnerability stems from an open redirect issue within the Web Image Monitor implementation. Security researchers indicate that the flaw allows an attacker to craft a malicious URL that, when accessed by a user, redirects them to an arbitrary website. This mechanism could be exploited to deceive users into entering credentials or sensitive information on fraudulent sites designed to mimic legitimate services.
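The redirect mechanism described above can be watched for in URL logs from a proxy or mail gateway. The following is an added example, not code from Ricoh or the advisory. The printer subnet, allowed host, path, and the parameter name `next` are constructed placeholders, since the page does not name the affected parameter.

```python
import ipaddress
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumptions (constructed): printer management subnet and permitted link targets.
PRINTER_NETS = [ipaddress.ip_network("10.20.30.0/24")]
ALLOWED_TARGETS = {"intranet.example.com"}

def is_printer(host):
    try:
        return any(ipaddress.ip_address(host) in net for net in PRINTER_NETS)
    except ValueError:  # hostname rather than an IP literal
        return False

def external_target(value):
    """Return the host an absolute-URL parameter value points at, else None."""
    for _ in range(3):  # peel nested percent-encoding
        value = unquote(value)
    value = value.strip().replace("\\", "/")  # browsers treat "\" like "/"
    if value.startswith("//"):  # scheme-relative form
        value = "http:" + value
    try:
        parts = urlsplit(value)
    except ValueError:
        return None
    if parts.scheme.lower() in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None

def flag_redirects(urls):
    """Return (url, parameter, target_host) for printer URLs carrying an off-device URL."""
    findings = []
    for url in urls:
        parts = urlsplit(url)
        if not parts.hostname or not is_printer(parts.hostname):
            continue
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            target = external_target(value)
            if target and target != parts.hostname and target not in ALLOWED_TARGETS:
                findings.append((url, name, target))
    return findings

# Constructed sample of requested URLs; paths and parameter names are placeholders.
SAMPLE_URLS = [
    "http://10.20.30.15/placeholder/path?next=https%3A%2F%2Flogin.example.net%2Fsignin",
    "http://10.20.30.15/placeholder/path?next=%252F%252Flogin.example.net",
    "http://10.20.30.15/placeholder/path?next=/settings",
    "https://www.example.org/out?url=https://login.example.net/",
    "http://10.20.30.15/placeholder/path?help=https://intranet.example.com/docs",
]
```

Run over the sample, `flag_redirects(SAMPLE_URLS)` reports only the first two entries: the relative path, the non-printer host, and the allowed intranet target are ignored.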
JPCERT/CC, the Japanese Computer Emergency Response Team, coordinated the disclosure of the vulnerability. The advisory was published on April 30, 2026, following the discovery of the software flaw. Ricoh confirmed the issue and stated that it impacts a wide range of its laser printers and MFPs deployed worldwide. The company has advised users to update their devices to the latest firmware versions available to mitigate the risk.
Tony Kirkland of Sixgen Inc. reported on the technical specifics of the vulnerability, highlighting the potential for social engineering attacks. The open redirect flaw does not require authentication to exploit, making it accessible to a broad range of threat actors. Users accessing the Web Image Monitor interface through a browser could be redirected without their knowledge, potentially compromising network security.
Ricoh has not specified the exact number of affected models but confirmed that the issue is present in multiple product lines. The company is working with partners to distribute patches and firmware updates to customers. Organizations using Ricoh devices are urged to check their current firmware versions and apply updates immediately if they are running vulnerable software.
The vulnerability highlights the growing security risks associated with networked office equipment. Printers and MFPs are often overlooked in security audits, yet they can serve as entry points for attackers. The open redirect flaw in Ricoh devices underscores the need for regular firmware updates and security monitoring of all connected hardware.
As of now, there is no evidence of active exploitation in the wild. However, security experts warn that the vulnerability could be weaponized in targeted campaigns. Ricoh has not provided a timeline for when all affected devices will be patched, leaving some organizations to manage the risk through network segmentation and access controls.
The incident adds to a series of vulnerabilities discovered in office equipment in recent years. Manufacturers are under increasing pressure to address security flaws promptly and provide clear guidance to customers. Ricoh’s response to this issue will be closely watched by security professionals and enterprise customers alike.
Further details on the scope of the vulnerability and the availability of patches for older models remain pending. Ricoh is expected to release additional guidance as the situation develops.