CVE-2023-26088

In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios.

Published: Mar 23, 2023
Updated: Apr 14, 2023
CVE: CVE-2023-26088
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-59

Affected Software
References

Software	From	Fixed in
malwarebytes / malwarebytes	-	4.5.23

https://support.malwarebytes.com/hc/en-us/articles/14279575968659-Malwarebytes-for-Windows-4-5-23-Release-Notes
https://www.malwarebytes.com/secure/cves/cve-2023-26088

Vulnerability Database

289,784

CVE-2023-26088