CVE-2026-2627

7.8 HIGH

📋 TL;DR

This vulnerability in Softland FBackup allows local attackers to exploit a link following weakness (CWE-59) in the HID.dll library during backup/restore operations. Attackers could potentially escalate privileges or manipulate file operations. Only users running FBackup up to version 9.9 on Windows systems are affected.

💻 Affected Systems

Products:
  • Softland FBackup
Versions: Up to and including version 9.9
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the vulnerable HID.dll library path and backup/restore functionality to be used.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation allowing attackers to gain SYSTEM-level access, install malware, or compromise the entire system.

🟠 Likely Case

Local attackers could manipulate backup/restore operations to access or modify sensitive files they shouldn't have access to.

🟢 If Mitigated

With proper user access controls and limited local user privileges, impact would be restricted to the compromised user's permissions.

🌐 Internet-Facing: LOW - Attack requires local access to the system.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this, but requires specific backup/restore operations.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires local access and knowledge of the vulnerability. Public PoC available on GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Consider upgrading to any version above 9.9 if available, or discontinue use of vulnerable versions.

🔧 Temporary Workarounds

Restrict local user privileges (Windows)

Limit local user accounts to prevent exploitation of the vulnerability

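Remove vulnerable DLL permissions (Windows)

Modify permissions on HID.dll to prevent unauthorized access. The command below adds a deny entry for Everyone with full control, which blocks every account, administrators and SYSTEM included, from reading or loading the file.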

icacls "C:\Program Files\Common Files\microsoft shared\ink\HID.dll" /deny Everyone:(F)

🧯 If You Can't Patch

  • Disable or uninstall FBackup versions 9.9 and below
  • Implement strict access controls and monitor for suspicious backup/restore activities

🔍 How to Verify

Check if Vulnerable:

Check the FBackup version in Help > About. If the version is 9.9 or below, the system is vulnerable.

Check Version:

Check FBackup GUI or registry: HKEY_LOCAL_MACHINE\SOFTWARE\Softland\FBackup\Version

Verify Fix Applied:

Verify FBackup version is above 9.9, or confirm the software is uninstalled/disabled.
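
The version check above, combined with a listing of link-type entries in a folder that a backup/restore job touches, as an added PowerShell example that is not part of the original advisory or any vendor tooling. It assumes that Version is a value under the registry key named above, that 9.9.x builds count as 9.9, and that C:\Backups is a placeholder for your own job folder.

```powershell
# Added example (not vendor tooling): FBackup version check plus a listing of
# link-type entries under a folder that a backup/restore job touches.
param(
    [string]$BackupPath = 'C:\Backups'   # assumption: placeholder job folder
)

$threshold = [version]'9.9'   # page: affected up to and including 9.9

# Key as given on the page; "Version" is assumed to be a value under it. The
# WOW6432Node view is an assumption for 32-bit installs on 64-bit Windows.
$keys = 'HKLM:\SOFTWARE\Softland\FBackup',
        'HKLM:\SOFTWARE\WOW6432Node\Softland\FBackup'
$raw = foreach ($k in $keys) {
    (Get-ItemProperty -Path $k -Name Version -ErrorAction SilentlyContinue).Version
}
$raw = $raw | Where-Object { $_ } | Select-Object -First 1

$parsed = $null
if (-not $raw) {
    $status = 'Version value not found; check Help > About'
} elseif ([version]::TryParse([string]$raw, [ref]$parsed)) {
    # Assumption: compare major.minor only, so 9.9.x builds count as 9.9.
    $mm = New-Object System.Version -ArgumentList $parsed.Major, $parsed.Minor
    $status = if ($mm -le $threshold) { "AFFECTED: $raw" } else { "Above 9.9: $raw" }
} else {
    $status = "Cannot parse '$raw'; compare manually against 9.9"
}
"FBackup version status: $status"

# Walk the tree without descending into reparse points, so the scan itself
# never follows a link. LinkType is empty for non-link reparse points
# (for example cloud-sync placeholders).
function Get-LinkEntry([string]$Root) {
    $stack = New-Object System.Collections.Stack
    $stack.Push($Root)
    while ($stack.Count -gt 0) {
        $dir = $stack.Pop()
        foreach ($item in Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue) {
            if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
                $item | Select-Object FullName, LinkType, Target
            } elseif ($item.PSIsContainer) {
                $stack.Push($item.FullName)
            }
        }
    }
}

if (Test-Path -LiteralPath $BackupPath) { Get-LinkEntry $BackupPath | Format-Table -AutoSize }
```

Any symbolic link or junction reported inside a job folder that unprivileged users can write to is worth reviewing before the next backup or restore runs.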

📡 Detection & Monitoring

Log Indicators:

  • Unusual backup/restore operations by non-admin users
  • Access attempts to HID.dll from unexpected processes

Network Indicators:

  • Local file system access patterns during backup operations

SIEM Query:

Process creation where parent process contains 'fbackup' and child process accesses sensitive system paths
