A vulnerability marked as critical has been reported in DriveLock . Impacted is an unknown function. Performing a manipulation results in path traversal. This vulnerability is cataloged as CVE-2026-5487 . It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.
Full text archived locally
✦ AI Summary· Claude Sonnet
VDB-357880 · CVE-2026-5487 · GCVE-0-2026-5487
DRIVELOCK PATH TRAVERSAL
HISTORYDIFFRELATEJSONXMLCTI
CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score
5.1 $0-$5k 2.11+
Summaryinfo
A vulnerability described as critical has been identified in DriveLock. The affected element is an unknown function. Executing a manipulation can lead to path traversal. This vulnerability is registered as CVE-2026-5487. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.
Detailsinfo
A vulnerability has been found in DriveLock (unknown version) and classified as critical. This vulnerability affects an unknown code block. The manipulation with an unknown input leads to a path traversal vulnerability. The CWE definition for the vulnerability is CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. As an impact it is known to affect confidentiality.
The advisory is shared for download at zerodayinitiative.com. This vulnerability was named CVE-2026-5487. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1006.
Upgrading eliminates this vulnerability.
Productinfo
Name
DriveLock
CPE 2.3info
🔒
CPE 2.2info
🔒
CVSSv4info
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv3info
VulDB Meta Base Score: 5.3
VulDB Meta Temp Score: 5.1
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2info
Vector Complexity Authentication Confidentiality Integrity Availability
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploitinginfo
Class: Path traversal
CWE: CWE-22
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Yes
Availability: 🔒
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day Unlock Unlock Unlock Unlock
Today Unlock Unlock Unlock Unlock
Threat Intelligenceinfo
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍
Countermeasuresinfo
Recommended: Upgrade
Status: 🔍
0-Day Time: 🔒
Timelineinfo
04/16/2026 Advisory disclosed
04/16/2026 +0 days VulDB entry created
04/16/2026 +0 days VulDB entry last update
Sourcesinfo
Advisory: zerodayinitiative.com
Status: Confirmed
CVE: CVE-2026-5487 (🔒)
GCVE (CVE): GCVE-0-2026-5487
GCVE (VulDB): GCVE-100-357880
Entryinfo
Created: 04/16/2026 07:37
Changes: 04/16/2026 07:37 (48)
Complete: 🔍
Cache ID: 99:783:101
Discussion
No comments yet. Languages: en.
Please log in to comment.
◂ PreviousOverviewNext ▸