CVE-2026-2516: Uncontrolled Search Path in Unidocs ezPDF DRM Reader
A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2026-2516 is a vulnerability affecting Unidocs ezPDF DRM Reader versions 2.0 and 3.0.0.4 on 32-bit platforms. The root cause is an uncontrolled search path issue within the SHFOLDER.dll library, which is used by the application. This flaw allows an attacker with local access and limited privileges to manipulate the DLL search path, potentially causing the application to load malicious DLLs. The attack does not require user interaction but demands local presence and elevated privileges, making exploitation complex. The vulnerability has a CVSS 4.0 score of 7.3, indicating high severity, with high impact on confidentiality, integrity, and availability. Although no patches or vendor responses are available, a public exploit exists, increasing the risk of exploitation. The vulnerability could lead to arbitrary code execution, privilege escalation, or system compromise. The lack of vendor engagement and patch availability necessitates immediate defensive measures by organizations using the affected software.
Potential Impact
The vulnerability poses a significant risk to organizations using Unidocs ezPDF DRM Reader 2.0 and 3.0.0.4 on 32-bit systems. Successful exploitation could allow attackers with local access to execute arbitrary code with elevated privileges, potentially leading to full system compromise. This could result in unauthorized data access, modification, or destruction, impacting confidentiality, integrity, and availability of critical information. The complexity of the attack limits widespread exploitation but the availability of a public exploit increases the threat. Organizations relying on this software for document management or DRM enforcement may face operational disruptions, data breaches, or lateral movement within networks. The absence of vendor patches prolongs exposure and increases the window for attackers to exploit this vulnerability.
Mitigation Recommendations
Organizations should immediately restrict local access to systems running affected versions of ezPDF DRM Reader to trusted users only. Employ application whitelisting and endpoint protection solutions capable of detecting or blocking unauthorized DLL loading or path manipulation. Monitor systems for unusual DLL load behavior and local privilege escalation attempts. Consider isolating or sandboxing affected applications to limit potential damage. If possible, upgrade to newer, unaffected versions or alternative PDF readers that do not exhibit this vulnerability. In the absence of vendor patches, implement strict access controls, enforce least privilege principles, and conduct regular audits of local user activities. Additionally, educate users about the risks of local exploitation and maintain up-to-date backups to recover from potential compromises.
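One way to implement the DLL-load monitoring recommended above, as an added example that is not part of the original advisory: it scans image-load events (field names follow Sysmon Event ID 7) and flags any load of SHFOLDER.dll from outside the Windows system directories. The sample events, the reader install path and executable name, and the default `C:\Windows` root are constructed assumptions.

```python
import ntpath

# Directories from which the system copy of shfolder.dll is expected to load.
# Assumes the default C:\Windows root; a 32-bit process on 64-bit Windows
# gets its system DLLs from SysWOW64.
TRUSTED_DIRS = {
    ntpath.normcase(r"C:\Windows\System32"),
    ntpath.normcase(r"C:\Windows\SysWOW64"),
}
WATCHED_DLL = "shfolder.dll"


def is_suspicious_load(event):
    """Return True when the watched DLL is loaded from an untrusted directory."""
    # normpath collapses ".." segments so a traversal cannot fake a trusted dir.
    loaded = ntpath.normcase(ntpath.normpath(event["ImageLoaded"]))
    if ntpath.basename(loaded) != WATCHED_DLL:
        return False
    return ntpath.dirname(loaded) not in TRUSTED_DIRS


def triage(events):
    """Return (process image, loaded path, signed) for each suspicious load."""
    return [
        (e["Image"], e["ImageLoaded"], e.get("Signed", "unknown"))
        for e in events
        if is_suspicious_load(e)
    ]


# Constructed sample events in the shape of Sysmon Event ID 7 (ImageLoad).
# The reader install path and executable name are placeholders.
READER = r"C:\Program Files (x86)\ExampleReader\reader.exe"
SAMPLE_EVENTS = [
    {"Image": READER, "Signed": "true",
     "ImageLoaded": r"C:\Windows\SysWOW64\shfolder.dll"},
    {"Image": READER, "Signed": "false",
     "ImageLoaded": r"C:\Program Files (x86)\ExampleReader\SHFOLDER.dll"},
    {"Image": READER, "Signed": "false",
     "ImageLoaded": r"C:\Windows\System32\..\Temp\shfolder.dll"},
    {"Image": READER, "Signed": "true",
     "ImageLoaded": r"C:\Windows\SysWOW64\kernel32.dll"},
]

if __name__ == "__main__":
    for image, loaded, signed in triage(SAMPLE_EVENTS):
        print(f"ALERT {image} loaded {loaded} (signed={signed})")
```
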
Affected Countries
United States, South Korea, Japan, Germany, United Kingdom, France, Canada, Australia, China, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-14T19:41:22.319Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6991bc8d4b0e3abdf95c3022
Added to database: 2/15/2026, 12:31:09 PM
Last enriched: 3/2/2026, 6:40:51 AM
Last updated: 4/3/2026, 9:06:09 AM