A vulnerability described as critical has been identified in DriveLock . The affected element is an unknown function. Executing a manipulation can lead to sql injection. This vulnerability is registered as CVE-2026-5490 . It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.
Full text archived locally
✦ AI Summary· Claude Sonnet
VDB-357881 · CVE-2026-5490 · GCVE-0-2026-5490
DRIVELOCK SQL INJECTION
HISTORYDIFFRELATEJSONXMLCTI
CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score
6.0 $0-$5k 1.84+
Summaryinfo
A vulnerability classified as critical has been found in DriveLock. The impacted element is an unknown function. The manipulation leads to sql injection. This vulnerability is documented as CVE-2026-5490. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.
Detailsinfo
A vulnerability was found in DriveLock (version now known) and classified as critical. This issue affects some unknown processing. The manipulation with an unknown input leads to a sql injection vulnerability. Using CWE to declare the problem leads to CWE-89. The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Impacted is confidentiality, integrity, and availability.
The advisory is shared at zerodayinitiative.com. The identification of this vulnerability is CVE-2026-5490. The exploitation is known to be easy. The attack may be initiated remotely. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1505 for this issue.
Upgrading eliminates this vulnerability.
Productinfo
Name
DriveLock
CPE 2.3info
🔒
CPE 2.2info
🔒
CVSSv4info
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv3info
VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.0
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2info
Vector Complexity Authentication Confidentiality Integrity Availability
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploitinginfo
Class: Sql injection
CWE: CWE-89 / CWE-74 / CWE-707
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Yes
Availability: 🔒
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day Unlock Unlock Unlock Unlock
Today Unlock Unlock Unlock Unlock
Threat Intelligenceinfo
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍
Countermeasuresinfo
Recommended: Upgrade
Status: 🔍
0-Day Time: 🔒
Timelineinfo
04/16/2026 Advisory disclosed
04/16/2026 +0 days VulDB entry created
04/16/2026 +0 days VulDB entry last update
Sourcesinfo
Advisory: zerodayinitiative.com
Status: Confirmed
CVE: CVE-2026-5490 (🔒)
GCVE (CVE): GCVE-0-2026-5490
GCVE (VulDB): GCVE-100-357881
Entryinfo
Created: 04/16/2026 07:37
Changes: 04/16/2026 07:37 (48)
Complete: 🔍
Cache ID: 99:4BC:101
Discussion
No comments yet. Languages: en.
Please log in to comment.
◂ PreviousOverviewNext ▸