{"api_version":"1","generated_at":"2026-04-24T03:22:50+00:00","cve":"CVE-2026-2516","urls":{"html":"https://cve.report/CVE-2026-2516","api":"https://cve.report/api/cve/CVE-2026-2516.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-2516","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-2516"},"summary":{"title":"Unidocs ezPDF DRM Reader/ezPDF Reader SHFOLDER.dll uncontrolled search path","description":"A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading the affected component is recommended. The vendor explains: \"[W]e have already addressed similar DLL search path vulnerability patterns through prior security updates. (...) Users are advised to use the latest version provided by the vendor.\"","state":"PUBLISHED","assigner":"VulDB","published_at":"2026-02-15 13:16:16","updated_at":"2026-04-13 07:16:45"},"problem_types":["CWE-426","CWE-427","CWE-427 Uncontrolled Search Path","CWE-426 Untrusted Search Path"],"metrics":[{"version":"4.0","source":"cna@vuldb.com","type":"Secondary","score":"7.3","severity":"HIGH","vector":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"DECLARED","score":"7.3","severity":"HIGH","vector":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","data":{"baseScore":7.3,"baseSeverity":"HIGH","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"version":"3.1","source":"cna@vuldb.com","type":"Secondary","score":"7","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"7","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","data":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","version":"3.1"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"7","severity":"HIGH","vector":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","data":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","version":"3.0"}},{"version":"2.0","source":"cna@vuldb.com","type":"Secondary","score":"6","severity":"","vector":"AV:L/AC:H/Au:S/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:L/AC:H/Au:S/C:C/I:C/A:C","baseScore":6,"accessVector":"LOCAL","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}},{"version":"2.0","source":"CNA","type":"DECLARED","score":"6","severity":"","vector":"AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C","data":{"baseScore":6,"vectorString":"AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C","version":"2.0"}}],"references":[{"url":"https://vuldb.com/vuln/346107","name":"https://vuldb.com/vuln/346107","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/submit/736172","name":"https://vuldb.com/submit/736172","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://gofile.me/7bU54/ZG47Lh7Yx","name":"https://gofile.me/7bU54/ZG47Lh7Yx","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.unidocs.com/programs/ezPDF_DRM_Reader/","name":"http://www.unidocs.com/programs/ezPDF_DRM_Reader/","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/vuln/346107/cti","name":"https://vuldb.com/vuln/346107/cti","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-2516","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2516","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Unidocs","product":"ezPDF DRM Reader","version":"affected 2.0","platforms":[]},{"source":"CNA","vendor":"Unidocs","product":"ezPDF DRM Reader","version":"affected 3.0.0.4","platforms":[]},{"source":"CNA","vendor":"Unidocs","product":"ezPDF Reader","version":"affected 2.0","platforms":[]},{"source":"CNA","vendor":"Unidocs","product":"ezPDF Reader","version":"affected 3.0.0.4","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-02-14T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"source":"CNA","time":"2026-02-14T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"source":"CNA","time":"2026-04-13T08:47:28.000Z","lang":"en","value":"VulDB entry last update"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"RoyalSnek (VulDB User)","lang":"en"},{"source":"CNA","value":"VulDB CNA Team","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"2516","cve":"CVE-2026-2516","epss":"0.000140000","percentile":"0.023870000","score_date":"2026-04-15","updated_at":"2026-04-16 00:13:57"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-2516","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-02-17T17:23:23.099624Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-02-17T17:23:29.198Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"ezPDF DRM Reader","vendor":"Unidocs","versions":[{"status":"affected","version":"2.0"},{"status":"affected","version":"3.0.0.4"}]},{"product":"ezPDF Reader","vendor":"Unidocs","versions":[{"status":"affected","version":"2.0"},{"status":"affected","version":"3.0.0.4"}]}],"credits":[{"lang":"en","type":"reporter","value":"RoyalSnek (VulDB User)"},{"lang":"en","type":"coordinator","value":"VulDB CNA Team"}],"descriptions":[{"lang":"en","value":"A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading the affected component is recommended. The vendor explains: \"[W]e have already addressed similar DLL search path vulnerability patterns through prior security updates. (...) Users are advised to use the latest version provided by the vendor.\""}],"metrics":[{"cvssV4_0":{"baseScore":7.3,"baseSeverity":"HIGH","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"cvssV3_1":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","version":"3.1"}},{"cvssV3_0":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","version":"3.0"}},{"cvssV2_0":{"baseScore":6,"vectorString":"AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C","version":"2.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-427","description":"Uncontrolled Search Path","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-426","description":"Untrusted Search Path","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-13T06:42:44.784Z","orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB"},"references":[{"name":"VDB-346107 | Unidocs ezPDF DRM Reader/ezPDF Reader SHFOLDER.dll uncontrolled search path","tags":["vdb-entry","technical-description"],"url":"https://vuldb.com/vuln/346107"},{"name":"VDB-346107 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"],"url":"https://vuldb.com/vuln/346107/cti"},{"name":"Submit #736172 | Unidocs Inc. ezPDF DRM Reader / ezPDF Reader v3.0.0.4 / v2.0 Uncontrolled Search Path","tags":["third-party-advisory"],"url":"https://vuldb.com/submit/736172"},{"tags":["exploit"],"url":"https://gofile.me/7bU54/ZG47Lh7Yx"},{"tags":["patch"],"url":"http://www.unidocs.com/programs/ezPDF_DRM_Reader/"}],"timeline":[{"lang":"en","time":"2026-02-14T00:00:00.000Z","value":"Advisory disclosed"},{"lang":"en","time":"2026-02-14T01:00:00.000Z","value":"VulDB entry created"},{"lang":"en","time":"2026-04-13T08:47:28.000Z","value":"VulDB entry last update"}],"title":"Unidocs ezPDF DRM Reader/ezPDF Reader SHFOLDER.dll uncontrolled search path"}},"cveMetadata":{"assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","assignerShortName":"VulDB","cveId":"CVE-2026-2516","datePublished":"2026-02-15T12:02:06.101Z","dateReserved":"2026-02-14T19:41:22.319Z","dateUpdated":"2026-04-13T06:42:44.784Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-02-15 13:16:16","lastModifiedDate":"2026-04-13 07:16:45","problem_types":["CWE-426","CWE-427","CWE-427 Uncontrolled Search Path","CWE-426 Untrusted Search Path"],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:H/Au:S/C:C/I:C/A:C","baseScore":6,"accessVector":"LOCAL","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":1.5,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"2516","Ordinal":"1","Title":"Unidocs ezPDF DRM Reader/ezPDF Reader SHFOLDER.dll uncontrolled ","CVE":"CVE-2026-2516","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"2516","Ordinal":"1","NoteData":"A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading the affected component is recommended. The vendor explains: \"[W]e have already addressed similar DLL search path vulnerability patterns through prior security updates. (...) Users are advised to use the latest version provided by the vendor.\"","Type":"Description","Title":"Unidocs ezPDF DRM Reader/ezPDF Reader SHFOLDER.dll uncontrolled "}]}}}