CPA2026-002: Vulnerability Remediation for IJ Scan Utility for Windows

February 24, 2026

Canon U.S.A., Inc. has recently become aware of a potential security vulnerability involving the IJ Scan Utility for Windows. This potential vulnerability may occur because the executable path of a Windows service is not enclosed in quotation marks. If that file path contains spaces, a local attacker could exploit the unquoted path, potentially allowing a malicious file to be executed with the privileges of the affected service.

CVE Number

CVE-2026-1585

Affected Software

IJ Scan Utility for Windows – Version 1.1.2 through 1.5.0

Remediation

Canon has released updated drivers to address this potential vulnerability on our Canon USA website. We recommend that our customers install the latest MP Driver and confirm that the following software version is installed: IJ Scan Utility for Windows – Version 1.6.0 and higher.
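The following PowerShell audit is an added example, not part of Canon's advisory or software. It lists any Windows service whose registered executable path is unquoted and contains a space, which is the condition described above, so an administrator can confirm that no such entry remains after updating. The function name and the sample paths are hypothetical and constructed for illustration.

```powershell
# Added example (not Canon's code): find services registered with an
# unquoted executable path that contains a space.

function Test-UnquotedServicePath {
    # Hypothetical helper name. Returns $true when the executable portion
    # of a service path is unquoted and contains at least one space.
    param([string]$PathName)

    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    $p = $PathName.Trim()

    # A path that starts with a quotation mark is already quoted.
    if ($p.StartsWith('"')) { return $false }

    # Isolate the executable portion: the shortest prefix ending in ".exe"
    # that is followed by whitespace (arguments) or the end of the string.
    $m = [regex]::Match($p, '(?i)^(.*?\.exe)(\s|$)')
    if (-not $m.Success) { return $false }

    # Spaces that appear only in the arguments are not a concern.
    return $m.Groups[1].Value.Contains(' ')
}

# Constructed sample paths (not taken from the advisory) showing how the
# helper classifies typical entries: True, False, False.
$samples = @(
    'C:\Program Files\Example Vendor\Example Service\svc.exe',
    '"C:\Program Files\Example Vendor\Example Service\svc.exe" -run',
    'C:\Windows\System32\svchost.exe -k netsvcs'
)
foreach ($s in $samples) {
    '{0,-6} {1}' -f (Test-UnquotedServicePath $s), $s
}

# Live audit of the local machine. StartName shows the account whose
# privileges the service runs with.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { Test-UnquotedServicePath $_.PathName } |
    Select-Object Name, DisplayName, StartName, StartMode, PathName |
    Format-Table -AutoSize -Wrap
```

An empty result from the live audit means no installed service is registered with an unquoted path containing spaces.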

CVE/CVSS

CVE-2026-1585: An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows may allow a local attacker to execute a malicious file with the privileges of the affected service. CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score: 8.4.

Credits

Canon acknowledges Enival Chen for reporting this potential vulnerability.

Thank you,
Customer Support
Canon U.S.A., Inc.
