ZDI 2026-04-15

ZDI-26-286: DriveLock SQL Injection Privilege Escalation Vulnerability

CVE-2026-5490

Machine-generated analysis · WAYSCloud LLM

Authentication is required to exploit this SQL injection vulnerability in DriveLock, which could lead to privilege escalation.

Context

The affected product is DriveLock, a security software solution. The vulnerability is a SQL injection that allows privilege escalation on affected installations. Authentication is required to exploit the vulnerability, as stated in the advisory. The ZDI has assigned a CVSS score of 8.8, indicating high severity based on their metric.

Operator considerations

Check: Verify if DriveLock is deployed in your environment and identify the version in use.

From Zero Day Initiative ↗

This vulnerability allows remote attackers to escalate privileges on affected installations of DriveLock. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-5490.

Read the full advisory on ZDI →