CVE-2026-2627
Received Received - Intake
Local Link Following Vulnerability in Softland FBackup HID.dll

Publication date: 2026-02-17

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\Program Files\Common Files\microsoft shared\ink\HID.dll of the component Backup/Restore. The manipulation results in link following. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-17
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-02-18
EPSS Evaluated
2026-06-15
NVD
CVE-2026-2627
EUVD
EUVD-2026-7654
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
softland fbackup to 9.9 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a security flaw found in Softland FBackup versions up to 9.9. It affects an unknown function within the HID.dll library located in the Microsoft shared ink directory. The flaw involves link following manipulation, which means an attacker can exploit symbolic links or similar mechanisms to redirect or manipulate file operations.

The attack requires local access to the system, meaning the attacker must have some level of access to the affected machine to exploit the vulnerability. The exploit code has been publicly released, increasing the risk of attacks.

Impact Analysis

This vulnerability can have a significant impact as it allows an attacker with local access to manipulate link following in the affected component. According to the CVSS scores, it can lead to complete confidentiality, integrity, and availability compromise of the system.

  • Confidentiality impact: High
  • Integrity impact: High
  • Availability impact: High

Because the exploit is publicly available, attackers can use it to gain unauthorized access, modify data, or disrupt backup and restore operations, potentially causing data loss or system downtime.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2627. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart