CVE-2026-2627
HIGHCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\Program Files\Common Files\microsoft shared\ink\HID.dll of the component Backup/Restore. The manipulation results in link following. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
Softland FBackup versions up to 9.9 contain a symlink following vulnerability in the HID.dll component that allows local attackers with user privileges to read, modify, or delete arbitrary files with elevated permissions. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running Softland FBackup and isolate affected instances from production networks if possible; disable remote access to backup management interfaces. Within 7 days: Contact Softland for patch availability estimates and evaluate alternative backup solutions; implement enhanced logging and monitoring of backup system access. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today