CVE-2026-2627 is a security vulnerability identified in Softland FBackup versions 9.0 through 9.9, specifically related to an unsafe link following issue within the Microsoft shared library HID.dll located in the path C:\Program Files\Common Files\microsoft shared\ink\. This library is utilized by the backup and restore component of the software. The vulnerability allows an attacker with local access and low privileges to manipulate symbolic links or similar filesystem objects, potentially redirecting backup or restore operations to unintended locations. This can lead to unauthorized access, privilege escalation, or corruption of backup data. The attack does not require user interaction and can be executed with low complexity, making it a significant risk once an attacker gains local access. The vendor was notified early but has not responded or provided patches, and public exploit code is available, increasing the likelihood of exploitation. The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H) reflects a high impact on confidentiality, integrity, and availability, with low attack complexity and no user interaction required. The vulnerability affects a core component of backup software, which is critical for data protection and recovery, thus posing a serious threat to organizational security.

For European organizations, the impact of CVE-2026-2627 is substantial due to the critical role of backup software in maintaining data integrity and availability. Exploitation could allow local attackers to escalate privileges, manipulate backup data, or disrupt restore operations, potentially leading to data loss, unauthorized data disclosure, or prolonged downtime. This is particularly concerning for sectors with stringent data protection requirements such as finance, healthcare, and government agencies. The presence of public exploits increases the risk of opportunistic attacks, especially in environments where endpoint security or local access controls are weak. Organizations relying on Softland FBackup for critical backups may face operational disruptions and compliance issues if backups are compromised or unavailable during recovery scenarios. The lack of vendor response and patches further exacerbates the risk, necessitating immediate defensive measures.

1. Restrict local access to systems running Softland FBackup to trusted personnel only, employing strict access control policies and least privilege principles. 2. Implement robust endpoint security solutions that monitor for suspicious filesystem activities, particularly symbolic link creation or modification within backup directories. 3. Regularly audit and monitor backup and restore operations for anomalies that could indicate exploitation attempts. 4. Consider isolating backup servers or systems to minimize the attack surface and prevent lateral movement by attackers with local access. 5. Until an official patch is released, evaluate alternative backup solutions or implement compensating controls such as application whitelisting and enhanced logging. 6. Educate IT staff about the vulnerability and the importance of preventing unauthorized local access. 7. Maintain up-to-date backups stored offline or in immutable storage to ensure recovery capability in case of compromise. 8. Engage with Softland or trusted third parties for potential unofficial patches or workarounds if available.