CVE-2026-7280

CVSS v3.1

6.7

Medium

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitrary code execution with system privileges when the AVACAST service starts.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-428

Related Identifiers

CVE-2026-7280

Affected Products

Avacast

CVE-2026-7280

Weakness Enumeration

Related Identifiers

Affected Products

References · 3