SQL Injection in DriveLock (CVE‑2026‑5490) Enables Remote Privilege Escalation
What It Is – DriveLock’s web service (default TCP 4568) suffers a SQL‑injection flaw that lets an authenticated attacker inject malicious queries and elevate privileges to administrative levels.
Exploitability – The vulnerability requires valid credentials but can be triggered remotely over the network; a proof‑of‑concept exists and the vendor has released a patch. CVSS v3.1 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Affected Products – All DriveLock installations (any version prior to the April 2026 security update).
TPRM Impact – As a widely deployed endpoint‑encryption solution, compromised DriveLock instances can expose encrypted data, undermine client‑side security controls, and propagate risk to downstream partners that rely on its protection.
Recommended Actions –
- Deploy the DriveLock security update immediately (see vendor bulletin).
- Enforce multi‑factor authentication for all DriveLock admin accounts.
- Conduct a privileged‑access review to detect any anomalous privilege changes.
- Update network segmentation to restrict access to port 4568 to trusted hosts only.
- Review logs for suspicious SQL‑injection attempts and remediate any discovered abuse.
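
One way to carry out the port 4568 restriction on the server itself, as an added example that is not taken from the vendor bulletin. It assumes the DriveLock server is a Windows host protected by Windows Defender Firewall; the `$TrustedHosts` values and the `-Apply` switch are constructed for illustration.

```powershell
# Added example, not vendor code. Assumes a Windows host using Windows Defender Firewall.
#Requires -RunAsAdministrator
param(
    [int]$Port = 4568,
    # Constructed placeholder values: replace with your own management hosts/subnets.
    [string[]]$TrustedHosts = @('10.0.10.0/24', '10.0.20.15'),
    # Without -Apply the script only reports what it finds.
    [switch]$Apply
)

# Enabled inbound allow rules that name the port explicitly.
# Rules that use a port range or LocalPort 'Any' are not matched and need manual review.
$rules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$Port" } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True'
    }

foreach ($rule in $rules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    $openToAny = $remote -contains 'Any'

    # One report row per rule so existing scoping can be reviewed before changing it.
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        RemoteAddress = $remote -join ','
        OpenToAny     = $openToAny
    }

    # Only rules reachable from any address are rescoped; already-scoped rules are left as found.
    if ($openToAny -and $Apply) {
        Set-NetFirewallRule -Name $rule.Name -RemoteAddress $TrustedHosts
    }
}

if (-not $rules) {
    Write-Warning "No explicit inbound allow rule for TCP $Port; check range and program-based rules."
}
```

Run it once without `-Apply` to review the report, then again with `-Apply`; confirm the result from a host outside the trusted list with `Test-NetConnection -Port 4568`.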