Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

1 vulnerability by Softland

CVE-2026-2627 (GCVE-0-2026-2627)

Vulnerability from cvelistv5 – Published: 2026-02-17 21:32 – Updated: 2026-02-18 20:37

Title

Softland FBackup Backup/Restore HID.dll link following

Summary

A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\Program Files\Common Files\microsoft shared\ink\HID.dll of the component Backup/Restore. The manipulation results in link following. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Severity ?

8.5 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

CWE

CWE-59 - Link Following

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.346279	vdb-entry
	https://vuldb.com/?ctiid.346279	signaturepermissions-required
	https://vuldb.com/?submit.752050	third-party-advisory
	https://github.com/thezdi/PoC/tree/main/FilesystemEoPs	exploit

Impacted products

	Vendor	Product	Version
	Softland	FBackup	Affected: 9.0 Affected: 9.1 Affected: 9.2 Affected: 9.3 Affected: 9.4 Affected: 9.5 Affected: 9.6 Affected: 9.7 Affected: 9.8 Affected: 9.9

Credits

Zeze7w (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2627",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-18T20:37:12.888790Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-18T20:37:24.505Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Backup/Restore"
          ],
          "product": "FBackup",
          "vendor": "Softland",
          "versions": [
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "9.1"
            },
            {
              "status": "affected",
              "version": "9.2"
            },
            {
              "status": "affected",
              "version": "9.3"
            },
            {
              "status": "affected",
              "version": "9.4"
            },
            {
              "status": "affected",
              "version": "9.5"
            },
            {
              "status": "affected",
              "version": "9.6"
            },
            {
              "status": "affected",
              "version": "9.7"
            },
            {
              "status": "affected",
              "version": "9.8"
            },
            {
              "status": "affected",
              "version": "9.9"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zeze7w (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\\Program Files\\Common Files\\microsoft shared\\ink\\HID.dll of the component Backup/Restore. The manipulation results in link following. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.8,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "Link Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-17T21:32:06.630Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-346279 | Softland FBackup Backup/Restore HID.dll link following",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.346279"
        },
        {
          "name": "VDB-346279 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.346279"
        },
        {
          "name": "Submit #752050 | SOFTLAND FBackup 9.9 Link Following",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.752050"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/thezdi/PoC/tree/main/FilesystemEoPs"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-17T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-02-17T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-02-17T14:29:45.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Softland FBackup Backup/Restore HID.dll link following"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-2627",
    "datePublished": "2026-02-17T21:32:06.630Z",
    "dateReserved": "2026-02-17T13:24:38.763Z",
    "dateUpdated": "2026-02-18T20:37:24.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}