Platform: windows
Component: idrive-cloud-backup-client-for-windows
Fixed in: 7.0.0.63
CVE-2026-1995 describes a Privilege Escalation vulnerability affecting IDrive Cloud Backup Client for Windows. This flaw allows standard users to execute arbitrary code with SYSTEM privileges by manipulating files within the IDrive application directory. The vulnerability impacts versions 0 through 7.0.0.63, and a fix is available in version 7.0.0.63.
The impact of CVE-2026-1995 is severe. An attacker with local access to a system running the vulnerable IDrive client can exploit this vulnerability to gain complete control over the system. By overwriting specific files under C:\ProgramData\IDrive\, an attacker can inject and execute malicious code with the privileges of the id_service.exe process, which runs as SYSTEM. This allows for arbitrary command execution, data theft, malware installation, and potentially, lateral movement within the network. The ease of exploitation, requiring only local access and file modification capabilities, significantly broadens the potential attack surface.
CVE-2026-1995 was publicly disclosed on 2026-03-24. Currently, there are no known public exploits or active campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog. The vulnerability's relatively straightforward exploitation pattern suggests a moderate risk of future exploitation, particularly if a readily available proof-of-concept is released.
Exploit Status
EPSS: 0.01% (0% percentile)
The primary mitigation for CVE-2026-1995 is to immediately upgrade the IDrive Cloud Backup Client for Windows to version 7.0.0.63 or later. Prior to upgrading, consider backing up critical data as an extra precaution. If upgrading is not immediately feasible, restrict access to the C:\ProgramData\IDrive\ directory to prevent unauthorized modifications. Implement file integrity monitoring to detect any unexpected changes to these files. While a WAF is unlikely to be effective, consider implementing stricter access controls and auditing on the system to detect suspicious activity. After upgrading, verify the fix by attempting to modify the files in C:\ProgramData\IDrive\ and confirming that the id_service.exe process no longer executes the modified code.
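The two interim checks above (who can write under C:\ProgramData\IDrive\, and whether its files have changed) can be scripted as follows. This is an added example, not code from IDrive or from the original advisory; the baseline path and the list of low-privileged SIDs are assumptions, and the script should run from an elevated prompt so every ACL is readable.

```powershell
param(
    [string]$Root = 'C:\ProgramData\IDrive',                    # directory named in the advisory
    [string]$BaselinePath = 'C:\SecBaseline\idrive-hashes.csv'  # hypothetical admin-only location
)

# Well-known SIDs that include standard users: Everyone, Authenticated Users,
# INTERACTIVE, BUILTIN\Users. SIDs avoid localized group names.
$lowPrivSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-4', 'S-1-5-32-545'

# Rights that let a principal change or replace content. The two hex values are
# GENERIC_WRITE and GENERIC_ALL, which can appear raw on inherit-only ACEs.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int]$writeRights -bor 0x40000000 -bor 0x10000000

# 1. Report every Allow ACE under $Root that gives a low-privileged SID write-type access.
$items = @(Get-Item -LiteralPath $Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -Force)
$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -eq 'Allow' -and
            $lowPrivSids -contains $rule.IdentityReference.Value -and
            ([int]$rule.FileSystemRights -band $writeMask)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Sid       = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}
$findings | Format-Table -AutoSize

# 2. Integrity check: the first run records SHA-256 hashes, later runs list differences
#    ('<=' is the baseline entry, '=>' is the current state of the file).
$current = @($items | Where-Object { -not $_.PSIsContainer } |
    Get-FileHash -Algorithm SHA256 | Select-Object Path, Hash)
if (Test-Path -LiteralPath $BaselinePath) {
    $baseline = @(Import-Csv -LiteralPath $BaselinePath)
    Compare-Object $baseline $current -Property Path, Hash | Format-Table -AutoSize
} else {
    $current | Export-Csv -LiteralPath $BaselinePath -NoTypeInformation
}
```

Files the client rewrites during normal operation will also show up in the comparison, so review the first few runs and narrow the monitored set accordingly. Keep the baseline file outside any directory that standard users can write to.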
Update IDrive Cloud Backup Client for Windows to version 7.0.0.63 or later. This update fixes the privilege escalation vulnerability by correctly validating configuration file inputs.
CVE-2026-1995 is a vulnerability in IDrive Cloud Backup Client for Windows allowing standard users to execute code with SYSTEM privileges by modifying files in the application directory.
If you are using IDrive Cloud Backup Client for Windows versions 0 through 7.0.0.63, you are potentially affected by this vulnerability.
Upgrade to IDrive Cloud Backup Client for Windows version 7.0.0.63 or later to mitigate this vulnerability. Restrict access to the C:\ProgramData\IDrive\ directory as a temporary workaround.
As of now, there are no confirmed reports of active exploitation of CVE-2026-1995, but the vulnerability's ease of exploitation warrants caution.
Please refer to the official IDrive security advisory for detailed information and updates regarding CVE-2026-1995.