CVE-2026-2516 - Vulnerability Details

- Unidocs ezPDF DRM Reader/ezPDF Reader SHFOLDER.dll uncontrolled search path

Description

A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading the affected component is recommended. The vendor explains: "[W]e have already addressed similar DLL search path vulnerability patterns through prior security updates. (...) Users are advised to use the latest version provided by the vendor."

Published: 2026-02-15

Score: 7.3 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in an undocumented section of SHFOLDER.dll in Unidocs ezPDF DRM Reader and ezPDF Reader allows an attacker who can execute code locally to manipulate the DLL search path. Such manipulation can cause the loader to load an attacker‑supplied module, granting arbitrary execution. The vulnerability is classified under CWE‑426 and CWE‑427 and is considered difficult to exploit, yet publicly available exploits exist.

Affected Systems

The flaw affects Unidocs ezPDF DRM Reader and Unidocs ezPDF Reader 2.0 as well as version 3.0.0.4. Users running these products with the current SHFOLDER.dll package are susceptible until the vendor releases an update.

Risk and Exploitability

With a CVSS score of 7.3, this issue presents a moderate to high risk when a local attacker gains foothold. The EPSS score is below 1 % and the vulnerability is not yet listed in the CISA KEV catalog, but the availability of a public exploit and the potential for local code execution keep its threat significant. Attackers need local access and the exploit complexity is high, but once executed the impact can be full system compromise.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Unidocs

ezPDF DRM Reader

affected

Version	Status	Constraints
`2.0`	affected	—
`3.0.0.4`	affected	—

Unidocs

ezPDF Reader

affected

Version	Status	Constraints
`2.0`	affected	—
`3.0.0.4`	affected	—

No data.

Vendor Product Confidence Versions

Unidocs

Ezpdf Drm Reader

—

Version	Status	Scheme	Platform
`2.0`	affected	generic	—
`3.0.0.4`	affected	generic	—

Unidocs

Ezpdf Reader

—

Version	Status	Scheme	Platform
`2.0`	affected	generic	—
`3.0.0.4`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update Unidocs ezPDF DRM Reader or ezPDF Reader to the latest vendor‑supplied version that addresses the DLL search path issue
Remove or neutralise any untrusted directories from the system PATH and any other search order that could be used by the loader to locate SHFOLDER.dll or other DLLs
Limit local user privileges so that only trusted accounts can run the application, preventing local attackers from uploading malicious DLLs into the search path

Generated by OpenCVE AI on April 15, 2026 at 15:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity High

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00016.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
http://www.unidocs.com/programs/ezPDF_DRM_Reader/
https://gofile.me/7bU54/ZG47Lh7Yx
https://vuldb.com/submit/736172
https://vuldb.com/vuln/346107
https://vuldb.com/vuln/346107/cti

History

Mon, 13 Apr 2026 07:30:00 +0000

Type	Values Removed	Values Added
References	https://vuldb.com/?ctiid.346107 https://vuldb.com/?id.346107 https://vuldb.com/?submit.736172

Mon, 13 Apr 2026 07:15:00 +0000

Type	Values Removed	Values Added
Description	A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.	A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading the affected component is recommended. The vendor explains: "[W]e have already addressed similar DLL search path vulnerability patterns through prior security updates. (...) Users are advised to use the latest version provided by the vendor."
References		http://www.unidocs.com/programs/ezPDF_DRM_Reader/ https://vuldb.com/submit/736172 https://vuldb.com/vuln/346107 https://vuldb.com/vuln/346107/cti
Metrics	cvssV2_0 `{'score': 6, 'vector': 'AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}`	cvssV2_0 `{'score': 6, 'vector': 'AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C'}` cvssV3_0 `{'score': 7, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}` cvssV3_1 `{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}`

Tue, 17 Feb 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 17 Feb 2026 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Unidocs Unidocs ezpdf Drm Reader Unidocs ezpdf Reader
Vendors & Products		Unidocs Unidocs ezpdf Drm Reader Unidocs ezpdf Reader

Sun, 15 Feb 2026 12:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Unidocs ezPDF DRM Reader/ezPDF Reader SHFOLDER.dll uncontrolled search path
Weaknesses		CWE-426 CWE-427
References		https://gofile.me/7bU54/ZG47Lh7Yx https://vuldb.com/?ctiid.346107 https://vuldb.com/?id.346107 https://vuldb.com/?submit.736172
Metrics		cvssV2_0 `{'score': 6, 'vector': 'AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Unidocs Ezpdf Drm Reader Ezpdf Reader

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-15T12:02:06.101Z

Updated: 2026-04-13T06:42:44.784Z

Reserved: 2026-02-14T19:41:22.319Z

Link: CVE-2026-2516

Vulnrichment

Updated: 2026-02-17T17:23:26.575Z

NVD

Status : Deferred

Published: 2026-02-15T13:16:16.423

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-2516

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T17:30:10Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity High

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object