Double Fetch Vulnerability in Avast and AVG Anti Rootkit Driver
CVE-2022-26523

5.3MEDIUM

Key Information:

Vendor: Avast
Status: AVG Anti Rootkit Driver
Vendor: CVE Published:; 8 May 2026

What is CVE-2022-26523?

The AVG and Avast Anti Rootkit Driver contains a double fetch vulnerability in its socket connection handler. This flaw allows local attackers to exploit the system, potentially leading to arbitrary code execution in kernel mode. Additionally, it poses a risk of denial of service, which can result in memory corruption and an operating system crash, disrupting normal system operations and jeopardizing user data. Users and system administrators are encouraged to update their software to mitigate these risks and ensure system integrity.

References

https://www.avast.com/bug-bounty

https://www.sentinelone.com/labs/vulnerabilities-in-avast...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2026
Vulnerability Reserved
Mar 7, 2022

CVE-2022-26523 Data

JSON