CVE-2026-2516

HIGH 7.0

Unidocs ezPDF DRM Reader/ezPDF Reader SHFOLDER.dll uncontrolled search path

CVSS Score

7.0

EPSS Score

0.0%

EPSS Percentile

2th

A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading the affected component is recommended. The vendor explains: "[W]e have already addressed similar DLL search path vulnerability patterns through prior security updates. (...) Users are advised to use the latest version provided by the vendor."

CWE	CWE-427 CWE-426
Vendor	unidocs
Product	ezpdf drm reader
Published	Feb 15, 2026
Last Updated	Apr 13, 2026

Stay Ahead of the Next One

Get instant alerts for unidocs ezpdf drm reader

Be the first to know when new high vulnerabilities affecting unidocs ezpdf drm reader are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Unidocs / ezPDF DRM Reader

2.0 3.0.0.4

Unidocs / ezPDF Reader

2.0 3.0.0.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/346107 vuldb.com: https://vuldb.com/vuln/346107/cti vuldb.com: https://vuldb.com/submit/736172 gofile.me: https://gofile.me/7bU54/ZG47Lh7Yx unidocs.com: http://www.unidocs.com/programs/ezPDF_DRM_Reader/

Credits

🔍 RoyalSnek (VulDB User) VulDB CNA Team