cobiansoft CVE Vulnerabilities & Metrics

Focus on cobiansoft vulnerabilities and metrics.

Last updated: 08 Mar 2026, 23:25 UTC

About cobiansoft Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with cobiansoft. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total cobiansoft CVEs: 4
Earliest CVE date: 17 Jul 2017, 13:18 UTC
Latest CVE date: 13 Jan 2026, 23:15 UTC

Latest CVE reference: CVE-2022-50923

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 3

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical cobiansoft CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.7

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	3
4.0-6.9	1
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS cobiansoft CVEs

These are the five CVEs with the highest CVSS scores for cobiansoft, sorted by severity first and recency.

CVE-2017-11318 cobiansoft Published on 17 Jul 2017, 13:18 UTC (CVSS: 6.8)
Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events.
CVE-2022-50923 cobiansoft Published on 13 Jan 2026, 23:15 UTC (CVSS: 0)
Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions during service startup.
CVE-2022-50689 cobiansoft Published on 22 Dec 2025, 22:15 UTC (CVSS: 0)
Cobian Reflector 0.9.93 RC1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the password input field. Attackers can paste a large 8000-byte buffer into the password field to trigger an application crash during SFTP task configuration.
CVE-2022-50687 cobiansoft Published on 22 Dec 2025, 22:15 UTC (CVSS: 0)
Cobian Backup 11 Gravity 11.2.0.582 contains a denial of service vulnerability in the FTP password input field that allows attackers to crash the application. Attackers can generate a specially crafted 800-byte buffer and paste it into the password field to trigger an application crash.

All CVEs for cobiansoft

CVE-2022-50923 cobiansoft vulnerability CVSS: 0 13 Jan 2026, 23:15 UTC

Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions during service startup.

CVE-2022-50689 cobiansoft vulnerability CVSS: 0 22 Dec 2025, 22:15 UTC

Cobian Reflector 0.9.93 RC1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the password input field. Attackers can paste a large 8000-byte buffer into the password field to trigger an application crash during SFTP task configuration.

CVE-2022-50687 cobiansoft vulnerability CVSS: 0 22 Dec 2025, 22:15 UTC

Cobian Backup 11 Gravity 11.2.0.582 contains a denial of service vulnerability in the FTP password input field that allows attackers to crash the application. Attackers can generate a specially crafted 800-byte buffer and paste it into the password field to trigger an application crash.

CVE-2017-11318 cobiansoft vulnerability CVSS: 6.8 17 Jul 2017, 13:18 UTC

Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events.