CVE-2026-1995
Received - Intake
Privilege Escalation via Insecure File Handling in IDrive Service

Publication date: 2026-03-24

Last updated on: 2026-03-25

Assigner: CERT/CC

Description
IDrive’s id_service.exe process runs with elevated privileges and regularly reads from several files under the C:\ProgramData\IDrive\ directory. The UTF16-LE encoded contents of these files are used as arguments for starting a process, but they can be edited by any standard user logged into the system. An attacker can overwrite or edit the files to specify a path to an arbitrary executable, which will then be executed by the id_service.exe process with SYSTEM privileges.
Meta Information
Published: 2026-03-24
Last Modified: 2026-03-25
Generated: 2026-06-16
AI Q&A: 2026-03-24
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 2 associated CPEs

Vendor    Product                       Version / Range
idrive    idrive_cloud_backup_client    to 7.0.0.63 (exc)
idrive    idrive_cloud_backup_client    to 7.0.0.63 (inc)
CWE ID Description
CWE-UNKNOWN
Executive Summary

The vulnerability involves the IDrive software's id_service.exe process, which runs with elevated SYSTEM privileges. This process reads from several files located in the C:\ProgramData\IDrive\ directory. These files contain UTF16-LE encoded data that is used as arguments to start another process. However, these files can be modified by any standard user on the system.

Because standard users can edit these files, an attacker can overwrite them to specify a path to an arbitrary executable. When the id_service.exe process reads these manipulated files, it will execute the specified executable with SYSTEM-level privileges, potentially allowing the attacker to run malicious code with the highest level of access on the system.
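
The condition described above can be checked on a host with a read-only ACL audit. This is an added example, not code from the advisory or from IDrive; the advisory does not name the individual files, so the script walks the whole C:\ProgramData\IDrive\ directory, and the list of trusted SIDs is an assumption to adjust per environment.

```powershell
# Added example: list ACEs that let non-administrative principals alter files
# under the directory named in the advisory. Read-only; it changes nothing.
param(
    [string]$Root = 'C:\ProgramData\IDrive'   # directory from the advisory
)

# Rights that allow replacing, editing, or re-permissioning a file.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# Assumption: principals treated as trusted writers on this host.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

function Get-WritableAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs do not apply to the object itself.
        if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolvable account
        }
        if ($trustedSids -contains $sid) { continue }
        [pscustomobject]@{
            Path      = $Path
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if (-not (Test-Path -LiteralPath $Root)) { Write-Output "$Root not present"; return }
$targets = @($Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object { $_.FullName })
$findings = foreach ($t in $targets) { Get-WritableAce -Path $t }
$findings | Sort-Object Path, Identity | Format-Table -AutoSize -Wrap
```

Any row naming a group that standard users belong to (for example BUILTIN\Users or Authenticated Users) marks a file or folder whose contents the elevated service could read after an unprivileged edit.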

Impact Analysis

This vulnerability can have severe impacts because it allows an attacker with standard user access to escalate their privileges to SYSTEM level by executing arbitrary code.

  • An attacker could gain full control over the affected system.
  • They could install malware, steal sensitive data, or disrupt system operations.
  • It undermines the security model by allowing privilege escalation from a low-privileged user to SYSTEM.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know
