CVE-2026-7279
DLL Hijacking in AVACAST Allows System-Level Code Execution
Publication date: 2026-04-28
Last updated on: 2026-04-28
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| empia_technology | avacast | to 5.10.10.45 (exc) |
| empia_technology | avacast | From 5.10.10.45 (inc) |
| empia_technology | avacast | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7279 is a DLL Hijacking vulnerability in AVACAST (Windows) versions 5.10.10.43 and earlier. It allows an authenticated local attacker to place a malicious DLL in a specific directory. When the system loads this DLL, it executes arbitrary code with system privileges.
How can this vulnerability impact me? :
This vulnerability can lead to arbitrary code execution with system-level privileges, meaning an attacker can run malicious code with the highest level of access on the affected system.
Such an exploit can compromise the confidentiality, integrity, and availability of the system, potentially allowing the attacker to control the system, access sensitive data, or disrupt services.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability involves an attacker placing a malicious DLL in a specific directory used by AVACAST versions 5.10.10.43 and earlier. Detection would involve checking for unexpected or suspicious DLL files in the directories where AVACAST loads DLLs.
Since the vulnerability requires local authentication and involves DLL hijacking, you can inspect the AVACAST installation directories for unauthorized DLL files or changes.
Suggested commands to detect suspicious DLLs might include using Windows PowerShell or Command Prompt to list DLL files and check their properties or hashes for anomalies.
- Use PowerShell to list DLL files in the AVACAST directory: Get-ChildItem -Path "C:\Program Files\AVACAST" -Filter *.dll -Recurse
- Compare the hashes of DLL files against known good versions to detect unauthorized changes.
- Check running processes and loaded modules for unexpected DLLs using tools like Process Explorer or the command: tasklist /m
What immediate steps should I take to mitigate this vulnerability?
The primary and recommended mitigation step is to update AVACAST to version 5.10.10.45 or later, which addresses this DLL hijacking vulnerability.
Since the vulnerability requires local authenticated access, restricting local user privileges and monitoring for unauthorized file placements in AVACAST directories can help reduce risk.
Additionally, applying the principle of least privilege and ensuring that only trusted users have access to the system can mitigate exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The CVE-2026-7279 vulnerability allows authenticated local attackers to execute arbitrary code with system privileges by exploiting DLL hijacking in AVACAST. This can lead to unauthorized access, modification, or disruption of sensitive data and system operations.
Such unauthorized access and potential data compromise could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of confidentiality, integrity, and availability of sensitive data.
However, the provided information does not explicitly mention the direct effects on compliance with these standards or any regulatory implications.