Vypr · patch · Published Apr 15, 2026 · Updated May 18, 2026 · 1 source

Critical SQL Injection Flaw in DriveLock Allows Privilege Escalation

A critical SQL injection vulnerability in DriveLock's web service lets an authenticated attacker escalate privileges; it carries a CVSS score of 8.8.

A critical SQL injection vulnerability has been disclosed in DriveLock, a widely used endpoint security and device control solution. Tracked as a CVE (the identifier is not preserved in this summary), the flaw resides in the DriveLock web service, which listens on TCP port 4568 by default. An authenticated remote attacker can exploit this vulnerability to escalate privileges, gaining access to resources normally protected from that user.

The vulnerability stems from improper validation of user-supplied strings before they are used to construct SQL queries. Because the input is not sanitized, an attacker can inject SQL syntax of their own, potentially leading to unauthorized data access, modification, or privilege escalation. The issue was discovered by researcher stuxxn and reported to DriveLock on 2026-02-06.
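The root cause described above, shown on a constructed example (added here; this is not DriveLock's code, and the `users` table, the role lookup and the column names are hypothetical, since the advisory gives no query details): a role lookup built by string concatenation beside the parameterized form, run against an in-memory SQLite database.

```python
import sqlite3

# Constructed sample data standing in for a web service's account table.
# Hypothetical schema, not DriveLock's.
def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "admin"), ("bob", "user")])
    return con

def role_vulnerable(con: sqlite3.Connection, name: str):
    """Query built by string interpolation: the user-supplied string becomes
    part of the SQL text, so quotes and operators in it are parsed as SQL."""
    sql = f"SELECT role FROM users WHERE name = '{name}'"
    row = con.execute(sql).fetchone()
    return row[0] if row else None

def role_fixed(con: sqlite3.Connection, name: str):
    """Parameterized query: the value travels separately from the SQL text,
    so whatever it contains is compared as a literal string, never parsed."""
    row = con.execute("SELECT role FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None

def demo() -> dict:
    con = make_db()
    # A low-privileged user's own name: both versions agree.
    honest = "bob"
    # A value containing SQL syntax (constructed). In the vulnerable version it
    # rewrites the WHERE clause and the trailing quote is swallowed by the "--"
    # comment, so the first admin row is returned: the "user" now looks like an
    # admin. In the fixed version it is simply a name nobody has.
    crafted = "x' OR role='admin' --"
    return {
        "vuln_honest": role_vulnerable(con, honest),    # "user"
        "vuln_crafted": role_vulnerable(con, crafted),  # "admin"
        "fixed_honest": role_fixed(con, honest),        # "user"
        "fixed_crafted": role_fixed(con, crafted),      # None
    }

if __name__ == "__main__":
    print(demo())
```

The hardening is the parameter binding, not escaping: the same input that changes the query's logic in `role_vulnerable` is treated as data in `role_fixed`.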

DriveLock has issued an update to address the vulnerability, as detailed in their security bulletin. The flaw carries a CVSS score of 8.8, indicating high severity with a network attack vector, low attack complexity, and no user interaction required. The impact on confidentiality, integrity, and availability is rated as high.

DriveLock is commonly deployed in enterprise environments to manage and enforce device control policies, such as USB device restrictions and data encryption. A successful exploit could allow an attacker to bypass these controls, potentially exfiltrating sensitive data or installing malware. The vulnerability is particularly concerning because it requires only a low-privileged account, which puts it within reach of many users inside an organization.

While there is no evidence of active exploitation in the wild at the time of disclosure, the coordinated public release of the advisory on 2026-04-15 means that technical details are now available to the broader security community. Organizations using DriveLock are strongly advised to apply the available update immediately and to review the security configuration of the affected web service.

This disclosure highlights the ongoing challenge of SQL injection vulnerabilities, which remain a persistent threat despite decades of awareness. The flaw in DriveLock serves as a reminder that even security-focused software can contain critical weaknesses, and that timely patching is essential to maintaining a strong security posture.

Synthesized by Vypr AI