Which versions of Softland FBackup are affected by CVE-2026-2627?

Softland FBackup versions 9.9 and earlier contain a privilege escalation vulnerability exploitable by local authenticated users through symbolic link manipulation, with publicly available…

Is there a public PoC exploit available for CVE-2026-2627?

Yes, a public proof-of-concept exploit is available for CVE-2026-2627. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-2627?

Within 24 hours: inventory all Softland FBackup installations and document version numbers and deployment scope. Within 7 days: evaluate upgrade feasibility to FBackup 10.0 or later if available; if unavailable, restrict local system access to trusted administrators only and implement file system monitoring on backup directories. Within 30 days: complete migration to alternative backup software if vendor patch remains unavailable, or establish a formal risk acceptance for FBackup deployments with documented compensating controls.

Softland FBackup CVE-2026-2627

Q: What is the CVSS score of CVE-2026-2627?

CVE-2026-2627 has a CVSS 4.0 base score of 7.1 (High). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

HIGH

Improper Link Resolution Before File Access (CWE-59)

2026-02-17 cna@vuldb.com

Information Disclosure Microsoft

7.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.1 HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Apr 29, 2026 - 01:38 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 29, 2026 - 01:11 vuln.today

cvss_changed

CVSS changed

Apr 29, 2026 - 01:11 NVD

7.8 (HIGH) 7.1 (HIGH)

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 18, 2026 - 17:51 vuln.today

Public exploit code

CVE Published

Feb 17, 2026 - 22:18 nvd

HIGH 7.8

DescriptionCVE.org

A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\Program Files\Common Files\microsoft shared\ink\HID.dll of the component Backup/Restore. The manipulation results in link following. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Link following vulnerability in Softland FBackup 9.9 and earlier allows local authenticated attackers to escalate privileges by manipulating symbolic links processed by the HID.dll library during backup or restore operations. Public exploit code is available via GitHub, but EPSS score remains extremely low (0.01%) and no active exploitation has been reported. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Gain local user access

Delivery

Create symlink in backup path

Exploit

Wait for scheduled backup/restore

Execution

FBackup follows symlink with elevated privileges

Persist

Write/read files in privileged location

Impact

Escalate to SYSTEM or exfiltrate sensitive data