ZDI-26-271: Avast Premium Security Gen Self Protection Driver Exposed Dangerous Function Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-5424.
AI Analysis
Technical Summary
CVE-2026-5424 is a local privilege escalation vulnerability in Avast Premium Security's Gen Self Protection driver. The vulnerability arises from an exposed dangerous function within the driver, which can be leveraged by an attacker who already has the ability to execute low-privileged code on the target system. Successful exploitation allows arbitrary code execution with SYSTEM privileges, significantly elevating the attacker's control over the affected system. The vulnerability carries a CVSS v3 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It was reported to Avast on April 1, 2026, and a coordinated public advisory was released on April 15, 2026. Avast addressed the issue in version 26.3 of Premium Security.
Potential Impact
If exploited, this vulnerability allows a local attacker who can already execute low-privileged code to escalate privileges to SYSTEM level, enabling full control over the affected system. This can lead to compromise of confidentiality, integrity, and availability of the system. However, exploitation requires prior local access and code execution capabilities. There are no known exploits in the wild as of the advisory date.
Mitigation Recommendations
The vulnerability has been fixed in Avast Premium Security version 26.3. Users and administrators should update affected installations to version 26.3 or later to remediate this issue. No additional mitigation steps are indicated by the vendor advisory.
Technical Details
- Article Source: http://www.zerodayinitiative.com/advisories/ZDI-26-271/ (fetched 2026-05-26T19:58:38.186Z, 185 words)
Threat ID: 6a15fc93e29bf47b5055e089
Added to database: 5/26/2026, 8:03:31 PM
Last enriched: 5/26/2026, 8:09:34 PM
Last updated: 5/27/2026, 4:49:43 AM