{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2516", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-14T19:41:22.319Z", "datePublished": "2026-02-15T12:02:06.101Z", "dateUpdated": "2026-04-13T06:42:44.784Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-13T06:42:44.784Z"}, "title": "Unidocs ezPDF DRM Reader/ezPDF Reader SHFOLDER.dll uncontrolled search path", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-427", "lang": "en", "description": "Uncontrolled Search Path"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-426", "lang": "en", "description": "Untrusted Search Path"}]}], "affected": [{"vendor": "Unidocs", "product": "ezPDF DRM Reader", "versions": [{"version": "2.0", "status": "affected"}, {"version": "3.0.0.4", "status": "affected"}]}, {"vendor": "Unidocs", "product": "ezPDF Reader", "versions": [{"version": "2.0", "status": "affected"}, {"version": "3.0.0.4", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading the affected component is recommended. The vendor explains: \"[W]e have already addressed similar DLL search path vulnerability patterns through prior security updates. (...) Users are advised to use the latest version provided by the vendor.\""}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.3, "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6, "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-02-14T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-14T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-13T08:47:28.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "RoyalSnek (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/346107", "name": "VDB-346107 | Unidocs ezPDF DRM Reader/ezPDF Reader SHFOLDER.dll uncontrolled search path", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/346107/cti", "name": "VDB-346107 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/736172", "name": "Submit #736172 | Unidocs Inc. ezPDF DRM Reader / ezPDF Reader v3.0.0.4 / v2.0 Uncontrolled Search Path", "tags": ["third-party-advisory"]}, {"url": "https://gofile.me/7bU54/ZG47Lh7Yx", "tags": ["exploit"]}, {"url": "http://www.unidocs.com/programs/ezPDF_DRM_Reader/", "tags": ["patch"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-17T17:23:23.099624Z", "id": "CVE-2026-2516", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T17:23:29.198Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2516", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-17T17:23:23.099624Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T17:23:26.575Z"}}], "cna": {"title": "Unidocs ezPDF DRM Reader/ezPDF Reader SHFOLDER.dll uncontrolled search path", "credits": [{"lang": "en", "type": "reporter", "value": "RoyalSnek (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6, "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "Unidocs", "product": "ezPDF DRM Reader", "versions": [{"status": "affected", "version": "2.0"}, {"status": "affected", "version": "3.0.0.4"}]}, {"vendor": "Unidocs", "product": "ezPDF Reader", "versions": [{"status": "affected", "version": "2.0"}, {"status": "affected", "version": "3.0.0.4"}]}], "timeline": [{"lang": "en", "time": "2026-02-14T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-14T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-13T08:47:28.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/346107", "name": "VDB-346107 | Unidocs ezPDF DRM Reader/ezPDF Reader SHFOLDER.dll uncontrolled search path", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/346107/cti", "name": "VDB-346107 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/736172", "name": "Submit #736172 | Unidocs Inc. ezPDF DRM Reader / ezPDF Reader v3.0.0.4 / v2.0 Uncontrolled Search Path", "tags": ["third-party-advisory"]}, {"url": "https://gofile.me/7bU54/ZG47Lh7Yx", "tags": ["exploit"]}, {"url": "http://www.unidocs.com/programs/ezPDF_DRM_Reader/", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading the affected component is recommended. The vendor explains: \"[W]e have already addressed similar DLL search path vulnerability patterns through prior security updates. (...) Users are advised to use the latest version provided by the vendor.\""}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "Uncontrolled Search Path"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-426", "description": "Untrusted Search Path"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-13T06:42:44.784Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2516", "state": "PUBLISHED", "dateUpdated": "2026-04-13T06:42:44.784Z", "dateReserved": "2026-02-14T19:41:22.319Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-15T12:02:06.101Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading the affected component is recommended. The vendor explains: \"[W]e have already addressed similar DLL search path vulnerability patterns through prior security updates. (...) Users are advised to use the latest version provided by the vendor.\""}, {"lang": "es", "value": "Una vulnerabilidad fue identificada en Unidocs ezPDF DRM Reader y ezPDF Reader 2.0/3.0.0.4 en 32 bits. Esto afecta una parte desconocida en la biblioteca SHFOLDER.dll. Dicha manipulaci\u00f3n conduce a una ruta de b\u00fasqueda incontrolada. El ataque necesita ser realizado localmente. Los ataques de esta naturaleza son altamente complejos. Se indica que la explotabilidad es dif\u00edcil. El exploit est\u00e1 disponible p\u00fablicamente y podr\u00eda ser usado. El proveedor fue contactado tempranamente sobre esta divulgaci\u00f3n pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2026-2516", "lastModified": "2026-04-13T07:16:45.913", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-15T13:16:16.423", "references": [{"source": "cna@vuldb.com", "url": "http://www.unidocs.com/programs/ezPDF_DRM_Reader/"}, {"source": "cna@vuldb.com", "url": "https://gofile.me/7bU54/ZG47Lh7Yx"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/736172"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/346107"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/346107/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}, {"lang": "en", "value": "CWE-427"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{"created": "2026-02-17T08:50:03.340026+00:00", "updated": "2026-02-17T08:50:03.340121+00:00", "vendors": ["unidocs", "unidocs$PRODUCT$ezpdf_drm_reader", "unidocs$PRODUCT$ezpdf_reader"]}