Critical IDrive Vulnerability Allows Privilege Escalation on Windows

Severity: High (Score: 70.5)

Sources: Cybersecuritynews, Gbhackers, Kb.Cert

Summary

A critical vulnerability, tracked as CVE-2026-1995, has been discovered in the IDrive Cloud Backup Client for Windows, affecting versions 7.0.0.63 and earlier. This flaw allows authenticated low-privilege users to execute arbitrary code with SYSTEM-level permissions, potentially compromising the entire device. The vulnerability arises from weak permission settings on files within the C:\ProgramData\IDrive directory, enabling attackers to overwrite or add files that the id_service.exe process executes with elevated privileges. Currently, there is no patch available, but IDrive has confirmed that a security update is in development. Organizations are advised to restrict write permissions on the affected directory and implement monitoring solutions to detect unauthorized changes. The vulnerability poses significant risks, including data theft and system modification. Security teams should remain vigilant until a patch is released.

Key Points

  • CVE-2026-1995 allows local privilege escalation for authenticated users on IDrive Windows client.
  • Weak permissions on C:\ProgramData\IDrive enable arbitrary code execution with SYSTEM privileges.
  • No patch is currently available; users should restrict directory permissions and monitor for changes.
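To support the advice to restrict write permissions, the following added example (not code from IDrive or the cited sources) audits C:\ProgramData\IDrive for allow ACEs that give write-type rights to anyone outside a trusted set. The trusted set (SYSTEM, Administrators, TrustedInstaller) is an assumption to adjust per environment, and the script is meant to be run from an elevated PowerShell session.

```powershell
# Added example (not vendor code): list ACEs under the IDrive data directory
# that let a non-administrative principal write, delete or re-permission files.
$Path = 'C:\ProgramData\IDrive'   # directory named in the advisory

# Write-capable bits only. Modify/FullControl are not used as masks because
# they also contain read bits and would match read-only ACEs.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, DeleteSubdirectoriesAndFiles, Delete, ChangePermissions, TakeOwnership'
# Some ACEs store generic rights instead: GENERIC_ALL and GENERIC_WRITE.
$GenericMask = 0x10000000 -bor 0x40000000

# Assumption: principals expected to hold write access here
# (SYSTEM, BUILTIN\Administrators, NT SERVICE\TrustedInstaller).
$Trusted = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)
$SidType = [System.Security.Principal.SecurityIdentifier]

# The directory itself plus everything beneath it, hidden items included.
$items = @(Get-Item -LiteralPath $Path -Force) +
         @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $SidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }   # deny ACEs are not reported
        $sid = $ace.IdentityReference.Value
        if ($Trusted -contains $sid) { continue }
        $raw = [int]$ace.FileSystemRights
        if (($raw -band $WriteMask) -or ($raw -band $GenericMask)) {
            # Resolve the SID to a readable name; fall back to the SID if it cannot be resolved.
            $name = try { $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value } catch { $sid }
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $name
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings | Sort-Object Path, Principal | Format-Table -AutoSize -Wrap
```

An empty result means no non-trusted principal holds write-type rights on the tree; any row naming a broad group such as Users, Authenticated Users or Everyone is the condition the advisory describes.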

Key Entities

  • Malware (attack_type)
  • Privilege Escalation (attack_type)
  • Ransomware (attack_type)
  • CVE-2026-1995 (cve)
  • Kiss Loader (malware)
  • Torg Grabber (malware)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • T1068 - Exploitation for Privilege Escalation (mitre_attack)
  • Windows (platform)