Dear Customers,

We would like to thank you for your continued support of FUJIFILM Business Innovation products.A vulnerability has been identified in beat‑access for Windows, a remote access software provided as part of the beat service, which may allow malicious code to be executed from the local environment.

At the time of posting this notice, no attacks exploiting this vulnerability have been confirmed. However, we strongly recommend that customers using beat‑access for Windows promptly update to the latest version (4.0.0 or later).
We apologize for any inconvenience this may cause and appreciate your understanding and cooperation.

Vulnerability Details

The vulnerability exists in beat‑access for Windows provided to customers using the “beat Remote Access Service (Optional).”There is no impact if the software is installed in the default installation folder.

・CVE-2026-21408 (CVSSv4 base score 5.4) : Uncontrolled Search Path Element (CWE‑427)

Affected Versions

・How to Check Version
Start beat‑access for Windows and select
"ヘルプ（H）"→"バージョン情報（A）" from the menu bar. The software version is displayed beneath the software name (e.g., version 3.0.3).

Countermeasure

Customers are strongly recommended to update to the latest version (4.0.0 or later).

・How to Get the Latest Version
From inside the beat‑box LAN:
Log in at http://beat-box.intranet:8080/beatman/ (IP address may be used instead of "beat‑box.intranet").
Navigate to "利用" > "PC 用ソフトウェアのダウンロード" > "ダウンロード" to download the latest software.

From the Internet:
Access the Remote Access Support Page:
https://www.fujifilm.com/fb/support/service/beat/tech/ras

References

CVE-2026-21408

Acknowledgements

We would like to express our gratitude to Mr. Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. for the finding of the vulnerability.

Contact Information

beat Contact Center

Online inquiry form:
https://www.fujifilm.com/fb/cgi‑bin/etc/direct/beat/contact/form.cgi

FAQ:
https://faq01‑fb.fujifilm.com/?site_domain=default