Critical IDrive Vulnerability Allows Privilege Escalation on Windows

Critical IDrive Vulnerability Allows Privilege Escalation on Windows

First seen 26 Mar 2026, 10:16 UTC Kb.CertGbhackersCybersecuritynews 90% similarity 70.5

Article Content

Browse articles
ThreatCluster

A critical vulnerability, tracked as CVE-2026-1995, has been discovered in the IDrive Cloud Backup Client for Windows, affecting versions 7.0.0.63 and earlier. This flaw allows authenticated low-privilege users to execute arbitrary code with SYSTEM-level permissions, potentially compromising the entire device. The vulnerability arises from weak permission settings on files within the C:\ProgramData\IDrive directory, enabling attackers to overwrite or add files that the id_service.exe process executes with elevated privileges. Currently, there is no patch available, but IDrive has confirmed that a security update is in development. Organizations are advised to restrict write permissions on the affected directory and implement monitoring solutions to detect unauthorized changes. The vulnerability poses significant risks, including data theft and system modification. Security teams should remain vigilant until a patch is released.

Key Points: • CVE-2026-1995 allows local privilege escalation for authenticated users on IDrive Windows client. • Weak permissions on C:\ProgramData\IDrive enable arbitrary code execution with SYSTEM privileges. • No patch is currently available; users should restrict directory permissions and monitor for changes.

ThreatCluster AI

Timeline

2026-03-24
CVE-2026-1995 published
2026-03-24
IDrive vulnerability reported by Kb.Cert
2026-03-26
GBhackers published articles on the vulnerability

Community

Browse all →