CVE-2026-6851

Summary

An Improper link resolution before file access ('link following') vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links.

This issue affects Total Security: before 27.0.58.315; Internet Security: before 27.0.58.315.

Affected Software

VendorProductVersion RangeStatus
BitdefenderTotal Security0 < 27.0.58.315affected
BitdefenderInternet Security0 < 27.0.58.315affected

Weaknesses

  • CWE-59: CWE-59 Improper link resolution before file access ('link following')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References