CVE-2026-2516

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-2516
A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading the affected component is recommended. The vendor explains: "[W]e have already addressed similar DLL search path vulnerability patterns through prior security updates. (...) Users are advised to use the latest version provided by the vendor."

7.0 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:H/Au:S/C:C/I:C/A:C

Exploitability : 1.5 / Impact : 10.0

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www.unidocs.com/programs/ezPDF_DRM_Reader/
https://gofile.me/7bU54/ZG47Lh7Yx
https://vuldb.com/submit/736172
https://vuldb.com/vuln/346107
https://vuldb.com/vuln/346107/cti
Configurations

No configuration.

History

13 Apr 2026, 07:16

Type Values Removed Values Added
References
  • {'url': 'https://vuldb.com/?ctiid.346107', 'source': 'cna@vuldb.com'}
  • {'url': 'https://vuldb.com/?id.346107', 'source': 'cna@vuldb.com'}
  • {'url': 'https://vuldb.com/?submit.736172', 'source': 'cna@vuldb.com'}
  • () http://www.unidocs.com/programs/ezPDF_DRM_Reader/ -
  • () https://vuldb.com/submit/736172 -
  • () https://vuldb.com/vuln/346107 -
  • () https://vuldb.com/vuln/346107/cti -
Summary (en) A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. (en) A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading the affected component is recommended. The vendor explains: "[W]e have already addressed similar DLL search path vulnerability patterns through prior security updates. (...) Users are advised to use the latest version provided by the vendor."

18 Feb 2026, 17:52

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad fue identificada en Unidocs ezPDF DRM Reader y ezPDF Reader 2.0/3.0.0.4 en 32 bits. Esto afecta una parte desconocida en la biblioteca SHFOLDER.dll. Dicha manipulación conduce a una ruta de búsqueda incontrolada. El ataque necesita ser realizado localmente. Los ataques de esta naturaleza son altamente complejos. Se indica que la explotabilidad es difícil. El exploit está disponible públicamente y podría ser usado. El proveedor fue contactado tempranamente sobre esta divulgación pero no respondió de ninguna manera.

15 Feb 2026, 13:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-15 13:16

Updated : 2026-04-29 01:00

NVD link : CVE-2026-2516

Mitre link : CVE-2026-2516

CVE.ORG link : CVE-2026-2516

JSON object : View

Products Affected

No product.

CWE
CWE-426

Untrusted Search Path

CWE-427

Uncontrolled Search Path Element