ZDI 2026-04-15

ZDI-26-271: Avast Premium Security Gen Self Protection Driver Exposed Dangerous Function Local Privilege Escalation Vulnerability

CVE-2026-5424

Machine-generated analysis · WAYSCloud LLM

The vulnerability requires prior local code execution to escalate privileges. The advisory notes a CVSS score of 7.8 for this local privilege escalation.

Context

The vulnerability affects the Gen Self Protection Driver in Avast Premium Security. The source describes a local privilege escalation vulnerability that requires an attacker to already have low-privileged code execution on the target system.

Operator considerations

The source does not provide enough basis for specific operator guidance regarding this vulnerability.

From Zero Day Initiative ↗

This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-5424.

Read the full advisory on ZDI →