ZDI 2026-04-15

ZDI-26-288: DriveLock Directory Traversal Information Disclosure Vulnerability

CVE-2026-5492

Machine-generated analysis · WAYSCloud LLM

The vulnerability requires authentication and allows remote attackers to disclose sensitive information via a directory traversal flaw in DriveLock.

Context

DriveLock is affected by a directory traversal vulnerability that enables information disclosure. The advisory states that authentication is required to exploit the vulnerability. The ZDI assigned a CVSS rating of 6.5, indicating a medium severity impact. Worth noting that the vulnerability is remotely exploitable but not anonymously.

Operator considerations

Check: Determine if DriveLock is deployed and identify the version in use.

From Zero Day Initiative ↗

This vulnerability allows remote attackers to disclose sensitive information on affected installations of DriveLock. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2026-5492.

Read the full advisory on ZDI →