CVE-2026-2516: Uncontrolled Search Path in Unidocs ezPDF DRM Reader
A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading the affected component is recommended. The vendor explains: "[W]e have already addressed similar DLL search path vulnerability patterns through prior security updates. (...) Users are advised to use the latest version provided by the vendor."
AI Analysis
Technical Summary
This vulnerability in Unidocs ezPDF DRM Reader affects the handling of the SHFOLDER.dll library, leading to an uncontrolled search path condition. This can allow a local attacker with limited privileges to manipulate the DLL search path, potentially causing the application to load malicious DLLs. Exploitation requires local access and is considered highly complex. The vendor has previously mitigated similar DLL search path vulnerabilities through security updates and advises users to upgrade to the latest software version to address this issue. No specific patch or update version is detailed in the provided information.
Potential Impact
If exploited, this vulnerability could allow a local attacker to execute arbitrary code or escalate privileges by controlling the DLL search path used by the application. However, the attack complexity is high, and no known exploits are reported in the wild. The impact is rated high due to the potential for code execution and privilege escalation.
Mitigation Recommendations
The vendor recommends upgrading to the latest version of Unidocs ezPDF DRM Reader, as similar DLL search path vulnerabilities have been addressed in prior security updates. Since no direct patch link is provided, users should consult the vendor's official resources for the most recent version. No additional mitigation steps are specified. Patch status is not explicitly confirmed; users should verify with the vendor advisory for current remediation guidance.
CVE-2026-2516: Uncontrolled Search Path in Unidocs ezPDF DRM Reader
Description
A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading the affected component is recommended. The vendor explains: "[W]e have already addressed similar DLL search path vulnerability patterns through prior security updates. (...) Users are advised to use the latest version provided by the vendor."
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Unidocs ezPDF DRM Reader affects the handling of the SHFOLDER.dll library, leading to an uncontrolled search path condition. This can allow a local attacker with limited privileges to manipulate the DLL search path, potentially causing the application to load malicious DLLs. Exploitation requires local access and is considered highly complex. The vendor has previously mitigated similar DLL search path vulnerabilities through security updates and advises users to upgrade to the latest software version to address this issue. No specific patch or update version is detailed in the provided information.
Potential Impact
If exploited, this vulnerability could allow a local attacker to execute arbitrary code or escalate privileges by controlling the DLL search path used by the application. However, the attack complexity is high, and no known exploits are reported in the wild. The impact is rated high due to the potential for code execution and privilege escalation.
Mitigation Recommendations
The vendor recommends upgrading to the latest version of Unidocs ezPDF DRM Reader, as similar DLL search path vulnerabilities have been addressed in prior security updates. Since no direct patch link is provided, users should consult the vendor's official resources for the most recent version. No additional mitigation steps are specified. Patch status is not explicitly confirmed; users should verify with the vendor advisory for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-02-14T19:41:22.319Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 6991bc8d4b0e3abdf95c3022
Added to database: 2/15/2026, 12:31:09 PM
Last enriched: 4/13/2026, 11:15:27 AM
Last updated: 5/20/2026, 5:05:28 PM
Views: 220
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.