RVI-2026-0001
CVE-2026-2516
Summary
Unidocs ezPDF DRM Reader/ezPDF Reader 2.0/3.0.0.4 on 32-bit SHFOLDER.dll uncontrolled search path
A vulnerability classified as critical was found in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit (Document Management Software). It affects unknown processing in the library SHFOLDER.dll. Manipulation with an unknown input leads to an uncontrolled search path vulnerability. The issue is classified as CWE-427: the product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. This has an impact on confidentiality, integrity, and availability.

The advisory can be read at gofile.me. The vulnerability is uniquely identified as CVE-2026-2516. Exploitability is reported to be difficult, and the attack requires local access. Technical details and a public exploit are known. According to MITRE ATT&CK, the attack technique used by this issue is T1574. The exploit is shared for download at gofile.me and is declared as proof-of-concept.

The vendor was contacted early about this disclosure but did not respond in any way. No countermeasures are known. Replacing the affected product with an alternative may be advisable. The vulnerability is also documented in the EUVD vulnerability database (EUVD-2026-5829). The entries VDB-344404 and VDB-344414 are pretty similar.
Affected Products
- VENDOR: Unidocs
- CWE: CWE-427
- PUBLISHED: 2/15/2026
- LAST UPDATED: 2/23/2026