CVE-2026-2516 HIGH

CVE-2026-2516: Unidocs ezPDF DRM Reader/ezPDF Reader SHFOLDER.dll uncontrolled search path

Vendor Unidocs
Product ezPDF DRM Reader
Weakness CWE-427
Published February 15, 2026
Last update April 13, 2026

CVSS base score

7.3/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading the affected component is recommended. The vendor explains: "[W]e have already addressed similar DLL search path vulnerability patterns through prior security updates. (...) Users are advised to use the latest version provided by the vendor."

Key dates

02Disclosure timeline

February 15, 2026 CVE published
April 13, 2026 Record updated