CVE-2026-7280

Summary

AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitrary code execution with system privileges when the AVACAST service starts.

Affected Software

VendorProductVersion RangeStatus
eMPIA TechnologyAVACAST0 <= 5.10.10.43affected

Weaknesses

  • CWE-428: CWE-428 Unquoted search path or element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References