CVE-2026-15684
Received Received - Intake

Glary Utilities Link Following Local Privilege Escalation

Vulnerability report for CVE-2026-15684, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: Zero Day Initiative

Description

Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utilities. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Disk Clean functionality. By creating a junction, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27004.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
glarysoft glary_utilities *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

If you are using an affected version of Glarysoft Glary Utilities, this vulnerability could have serious impacts:

  • An attacker with low-privileged access to your system could escalate their privileges to SYSTEM level, gaining full control over the system.
  • The attacker could execute arbitrary code, install malware, or perform other malicious actions with the highest level of system access.
  • The vulnerability could be used to delete critical system files, leading to system instability or crashes.
  • Sensitive data on the system could be accessed, modified, or exfiltrated by the attacker.
Executive Summary

CVE-2026-15684 is a local privilege escalation vulnerability in Glarysoft Glary Utilities. It allows an attacker with low-privileged access to a target system to escalate their privileges to SYSTEM level, which is the highest level of access on a Windows system.

The vulnerability exists in the Disk Clean functionality of Glary Utilities. Specifically, an attacker can exploit this flaw by creating a junction (a type of symbolic link in Windows) to trick the service into deleting arbitrary files. This manipulation can then be leveraged to execute arbitrary code with SYSTEM privileges.

Compliance Impact

This vulnerability could impact compliance with several common standards and regulations, depending on the context of its exploitation:

  • GDPR (General Data Protection Regulation): If the affected system processes or stores personal data of EU citizens, a successful exploit could lead to unauthorized access or exfiltration of this data. This would constitute a data breach under GDPR, potentially resulting in significant fines and reputational damage.
  • HIPAA (Health Insurance Portability and Accountability Act): For organizations handling protected health information (PHI), this vulnerability could lead to unauthorized access or disclosure of PHI, violating HIPAA's Privacy and Security Rules. This could result in penalties and legal consequences.
  • Other standards like PCI DSS (Payment Card Industry Data Security Standard) or SOX (Sarbanes-Oxley Act) could also be impacted if the affected system handles payment card data or financial records, as the vulnerability could lead to unauthorized access or manipulation of sensitive information.

Organizations should assess whether their systems are affected and take appropriate remediation steps to maintain compliance with relevant regulations.

Mitigation Strategies

Based on the provided context, the following immediate steps can be taken to mitigate the Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability (CVE-2026-15684):

  • Apply the latest patch or update from Glarysoft if available. Since the vulnerability allows local privilege escalation, ensure that the software is updated to the newest version that addresses this issue.
  • Restrict local access to the system. Since exploitation requires low-privileged code execution on the target system, limit user access to only those who need it.
  • Monitor for suspicious activity related to the Disk Clean functionality, such as unexpected file deletions or junction point creations.
  • Consider disabling or uninstalling Glary Utilities if it is not critical to operations, especially in high-security environments.
Detection Guidance

Detecting the presence of CVE-2026-15684 (Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability) on a system or network involves checking for the installation of vulnerable versions of Glary Utilities and inspecting for suspicious junction points or file deletion activities that could indicate exploitation attempts.

  • Check if Glary Utilities is installed on the system. On Windows, you can use the following command in PowerShell or Command Prompt to list installed programs:
  • ```powershell Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion | Where-Object { $_.DisplayName -like "*Glary Utilities*" } ```
  • Alternatively, use the Windows built-in tool to list installed programs:
  • ```cmd wmic product where "name like 'Glary Utilities%%'" get name, version ```
  • Inspect the system for suspicious junction points or symbolic links that could be used to exploit the vulnerability. Use the following command to list junction points in a directory (e.g., `C:\`):
  • ```cmd dir /AL /S C:\ ```
  • Monitor for unusual file deletion activities, especially in system directories. While this may not directly detect the vulnerability, it can indicate exploitation attempts. Use Windows Event Logs or third-party tools to track file deletions.

Since this is a local privilege escalation vulnerability, detection primarily relies on verifying the installation of the vulnerable software and monitoring for anomalous behavior rather than network-based detection.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15684. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart