Skip to main content

Idrive Cloud Backup Client For Windows

1 CVEs product

Monthly

CVE-2026-1995 HIGH PATCH This Week

IDrive's id_service.exe process, which runs with SYSTEM-level privileges on Windows systems, is vulnerable to privilege escalation and arbitrary code execution due to insecure file handling. The vulnerability affects IDrive Cloud Backup Client for Windows across multiple versions, as the elevated service process reads UTF16-LE encoded configuration files from C:\ProgramData\IDrive\ that are writable by standard unprivileged users. An attacker with local user access can modify these files to inject arbitrary executable paths, causing id_service.exe to execute malicious code with SYSTEM privileges, resulting in complete system compromise. While CVSS and EPSS scores are not available, this represents a critical local privilege escalation vector with trivial exploitability due to the file write permissions on the ProgramData directory.

RCE Idrive Cloud Backup Client For Windows
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IDrive's id_service.exe process, which runs with SYSTEM-level privileges on Windows systems, is vulnerable to privilege escalation and arbitrary code execution due to insecure file handling. The vulnerability affects IDrive Cloud Backup Client for Windows across multiple versions, as the elevated service process reads UTF16-LE encoded configuration files from C:\ProgramData\IDrive\ that are writable by standard unprivileged users. An attacker with local user access can modify these files to inject arbitrary executable paths, causing id_service.exe to execute malicious code with SYSTEM privileges, resulting in complete system compromise. While CVSS and EPSS scores are not available, this represents a critical local privilege escalation vector with trivial exploitability due to the file write permissions on the ProgramData directory.

RCE Idrive Cloud Backup Client For Windows
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy