DriveLock Web Service Vulnerability CVE-2026-5492 Allows Directory Traversal Information Disclosure
A directory traversal vulnerability in DriveLock's web service, tracked as CVE-2026-5492, allows authenticated remote attackers to read arbitrary files from the server, potentially exposing sensitive configuration data and credentials.

The vulnerability resides in the DriveLock web service, which listens on TCP port 4568 by default. The flaw stems from improper validation of user-supplied paths in file operations, enabling an attacker to traverse directories and read files outside the intended scope. According to the advisory published by Zero Day Initiative (ZDI-26-288), authentication is required to exploit this issue, but once authenticated, an attacker can leverage the flaw to disclose sensitive information in the context of the service account.
DriveLock is a widely used endpoint security and device control solution deployed across enterprise environments, particularly in sectors such as government, finance, and healthcare where strict data loss prevention policies are enforced. The vulnerability could allow an attacker with valid credentials to extract configuration files, encryption keys, or other sensitive data stored on the server, potentially leading to further compromise of the infrastructure.
The vulnerability was reported to DriveLock by researcher stuxxn on February 6, 2026, and the coordinated public release of the advisory occurred on April 15, 2026. DriveLock has issued a security update to address the issue, which is available through their security bulletin portal at https://www.drivelock.help/sb/Content/SecurityBulletins/26-003-PathValidation.htm.
CVE-2026-5492 carries a CVSS score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), indicating a medium-severity vulnerability with high confidentiality impact. The attack vector is network-based, the attack complexity is low, and only low-level privileges are required, with no user interaction needed. The vulnerability does not affect integrity or availability directly, but the potential for sensitive data exposure makes it a significant concern for organizations relying on DriveLock for endpoint security.
This disclosure highlights the ongoing challenge of securing web services in enterprise management software. Directory traversal vulnerabilities remain a common class of bugs, often resulting from insufficient input validation in file path handling. Organizations using DriveLock are urged to apply the available update promptly and review access controls to the web service to limit exposure to authenticated users only.
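To illustrate the bug class behind this advisory, the following added example (not DriveLock's code; the content root path and request paths are constructed for the demonstration) shows the unvalidated path join that produces directory traversal beside a canonicalize-then-contain check that rejects it, including the backslash, absolute-path and sibling-directory prefix cases that naive fixes often miss.

```python
import posixpath
from typing import Optional

# Constructed example root; the real DriveLock web content layout is not known.
CONTENT_ROOT = "/srv/drivelock/webcontent"


def naive_resolve(root: str, user_path: str) -> str:
    """Vulnerable pattern: the request path is joined to the root without
    validation, so '..' segments walk out of the root and an absolute path
    replaces the root entirely."""
    return posixpath.join(root, user_path)


def safe_resolve(root: str, user_path: str) -> Optional[str]:
    """Hardened pattern: normalise the joined path and require the result to
    stay inside the root. Returns the resolved path, or None to reject.
    Assumes user_path has already been URL-decoded exactly once."""
    if "\x00" in user_path:
        return None  # embedded NUL can truncate the path in some runtimes
    # Treat backslashes as separators so '..\' is not smuggled past a '/'-only check
    candidate = user_path.replace("\\", "/")
    if candidate.startswith("/"):
        return None  # absolute request path would override the root on join
    root = posixpath.normpath(root)
    resolved = posixpath.normpath(posixpath.join(root, candidate))
    # Compare against root plus a trailing separator so that a sibling such as
    # '/srv/drivelock/webcontentsecret' does not pass a bare prefix check
    if resolved != root and not resolved.startswith(root + "/"):
        return None
    return resolved
```

On a real server the normalised path should additionally be passed through os.path.realpath so that symbolic links inside the root cannot point outside it.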
The advisory also credits the researcher stuxxn for discovering and responsibly disclosing the vulnerability, following a coordinated disclosure timeline that allowed DriveLock to develop and release a patch before public disclosure. This case underscores the importance of coordinated vulnerability disclosure programs in helping vendors address security flaws before they can be exploited in the wild.