{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1995", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-02-05T16:44:28.604Z", "datePublished": "2026-03-24T18:00:15.664Z", "dateUpdated": "2026-03-25T13:14:39.639Z"}, "containers": {"cna": {"title": "IDrive Cloud Backup Client for Windows contains a privilege escalation vulnerability", "descriptions": [{"lang": "en", "value": "IDrive\u2019s id_service.exe process runs with elevated privileges and regularly reads from several files under the C:\\ProgramData\\IDrive\\ directory. The UTF16-LE encoded contents of these files are used as arguments for starting a process, but they can be edited by any standard user logged into the system. An attacker can overwrite or edit the files to specify a path to an arbitrary executable, which will then be executed by the id_service.exe process with SYSTEM privileges."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "IDrive", "product": "IDrive Cloud Backup Client for Windows", "versions": [{"status": "affected", "version": "0", "lessThan": "7.0.0.63", "versionType": "custom"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "references": [{"url": "https://kb.cert.org/vuls/id/330121"}], "x_generator": {"engine": "VINCE 3.0.34", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-1995"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-03-24T18:00:15.664Z"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.kb.cert.org/vuls/id/330121"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-24T19:24:11.136Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T03:56:04.847305Z", "id": "CVE-2026-1995", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T13:14:39.639Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-1995", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-25T03:56:04.847305Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-25T13:14:36.624Z"}}], "cna": {"title": "IDrive Cloud Backup Client for Windows contains a privilege escalation vulnerability", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "IDrive", "product": "IDrive Cloud Backup Client for Windows", "versions": [{"status": "affected", "version": "0", "lessThan": "7.0.0.63", "versionType": "custom"}]}], "references": [{"url": "https://kb.cert.org/vuls/id/330121"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.34", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-1995"}, "descriptions": [{"lang": "en", "value": "IDrive\u2019s id_service.exe process runs with elevated privileges and regularly reads from several files under the C:\\ProgramData\\IDrive\\ directory. The UTF16-LE encoded contents of these files are used as arguments for starting a process, but they can be edited by any standard user logged into the system. An attacker can overwrite or edit the files to specify a path to an arbitrary executable, which will then be executed by the id_service.exe process with SYSTEM privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-03-24T18:00:15.664Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1995", "state": "PUBLISHED", "dateUpdated": "2026-03-24T19:24:11.136Z", "dateReserved": "2026-02-05T16:44:28.604Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2026-03-24T18:00:15.664Z", "assignerShortName": "certcc"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IDrive\u2019s id_service.exe process runs with elevated privileges and regularly reads from several files under the C:\\ProgramData\\IDrive\\ directory. The UTF16-LE encoded contents of these files are used as arguments for starting a process, but they can be edited by any standard user logged into the system. An attacker can overwrite or edit the files to specify a path to an arbitrary executable, which will then be executed by the id_service.exe process with SYSTEM privileges."}], "id": "CVE-2026-1995", "lastModified": "2026-03-25T15:41:58.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-24T19:16:49.033", "references": [{"source": "cret@cert.org", "url": "https://kb.cert.org/vuls/id/330121"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kb.cert.org/vuls/id/330121"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,7.0.0.63)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "IDrive Cloud Backup Client for Windows", "source": "cna", "vendor": "IDrive"}, "product": "idrive_cloud_backup_client_for_windows", "vendor": "idrive"}], "analysis": {"en": {"generated_at": "2026-03-25T15:25:11.307883+00:00", "value": {"mitigation_remediation": ["Apply the latest update or patch for IDrive Cloud Backup Client for Windows that removes the privilege escalation path.", "If a patch is not yet available, restrict file permissions on the C:\\ProgramData\\IDrive directory to deny write access to standard users, so that only the SYSTEM account can modify the monitored files.", "Consider disabling or stopping the id_service.exe process if the backup service is not required for the environment."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "IDrive Cloud Backup Client for Windows (all versions that install id_service.exe and use the ProgramData\\IDrive directory). No specific version range was published, so all current releases with the described behavior are considered vulnerable.", "description_and_impact": "The vulnerability allows a local user to write arbitrary files into the IDrive Cloud Backup Client\u2019s data directory. The id_service.exe process, which runs with SYSTEM privileges, reads UTF\u201116 encoded strings from those files to build command line arguments for launching processes. By editing the files, an attacker can specify the path of any executable, which will then be executed under SYSTEM rights. This results in unchecked code execution with the highest privilege level on the host, compromising confidentiality, integrity, and availability of the system.", "risk_and_exploitability": "The CVSS score of 7.8 indicates a high impact vulnerability, and the EPSS score of less than 1% suggests a comparatively low probability of exploitation in the wild. The vulnerability is not yet listed in CISA\u2019s Known Exploited Vulnerabilities catalog. Exploitation requires a local user session with write permission to C:\\ProgramData\\IDrive; the attacker can then place any executable in the monitored files and cause it to run with SYSTEM privileges. The attack vector is inferred to be local, with no disclosed remote code execution path. Overall, the risk is significant because an attacker who can log onto the machine or inject files via an application can achieve full system compromise."}}}}, "created": "2026-03-25T11:46:50.443444+00:00", "updated": "2026-03-25T20:49:35.563441+00:00", "vendors": ["idrive", "idrive$PRODUCT$idrive_cloud_backup_client_for_windows"]}