CVE-2026-2516
HIGHCVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Tags
Description
A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
Unidocs ezPDF DRM/Reader versions 2.0 and 3.0.0.4 on 32-bit systems contain an untrusted search path vulnerability in SHFOLDER.dll that could allow a local attacker with limited privileges to achieve arbitrary code execution through DLL hijacking. Public exploit code exists for this vulnerability, though exploitation is complex and requires local access. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running ezPDF DRM Reader or ezPDF Reader 2.0/3.0.0.4 on 32-bit platforms and document inventory. Within 7 days: Evaluate business criticality of affected systems and implement network segmentation to isolate high-risk endpoints; consider disabling the application where feasible. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today