Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-2516
PUBLISHED
More InfoOfficial Page
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
View Known Exploited Vulnerability (KEV) details
Published At-15 Feb, 2026 | 12:02
Updated At-15 Feb, 2026 | 12:02
Rejected At-
▼CVE Numbering Authority (CNA)
Unidocs ezPDF DRM Reader/ezPDF Reader SHFOLDER.dll uncontrolled search path

A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Products
Vendor
Unidocs
Product
ezPDF DRM Reader
Versions
Affected
  • 2.0
  • 3.0.0.4
Vendor
Unidocs
Product
ezPDF Reader
Versions
Affected
  • 2.0
  • 3.0.0.4
Problem Types
TypeCWE IDDescription
CWECWE-427Uncontrolled Search Path
CWECWE-426Untrusted Search Path
Type: CWE
CWE ID: CWE-427
Description: Uncontrolled Search Path
Type: CWE
CWE ID: CWE-426
Description: Untrusted Search Path
Metrics
VersionBase scoreBase severityVector
4.07.3HIGH
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
3.17.0HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
3.07.0HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
2.06.0N/A
AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
Version: 4.0
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Version: 3.0
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Version: 2.0
Base score: 6.0
Base severity: N/A
Vector:
AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
RoyalSnek (VulDB User)
Timeline
EventDate
Advisory disclosed2026-02-14 00:00:00
VulDB entry created2026-02-14 01:00:00
VulDB entry last update2026-02-14 20:47:23
Event: Advisory disclosed
Date: 2026-02-14 00:00:00
Event: VulDB entry created
Date: 2026-02-14 01:00:00
Event: VulDB entry last update
Date: 2026-02-14 20:47:23
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.346107
vdb-entry
https://vuldb.com/?ctiid.346107
signature
permissions-required
https://vuldb.com/?submit.736172
third-party-advisory
https://gofile.me/7bU54/ZG47Lh7Yx
exploit
Hyperlink: https://vuldb.com/?id.346107
Resource:
vdb-entry
Hyperlink: https://vuldb.com/?ctiid.346107
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.736172
Resource:
third-party-advisory
Hyperlink: https://gofile.me/7bU54/ZG47Lh7Yx
Resource:
exploit
Details not found