Local Quarantine Vulnerability in Malwarebytes Software
CVE-2023-26088

7.8HIGH

Key Information:

Vendor: Malwarebytes
Status: Malwarebytes
Vendor: CVE Published:; 23 March 2023

🔔 Create Malwarebytes Vulnerability Alert

What is CVE-2023-26088?

In Malwarebytes versions prior to 4.5.23, a vulnerability exists that allows an attacker to exploit the local quarantine feature using symbolic links. This exploitation could enable unauthorized deletion of arbitrary files from the system. Additionally, there are scenarios where this vulnerability may facilitate privilege escalation, potentially allowing malicious users to gain higher access levels than intended.

References

https://support.malwarebytes.com/hc/en-us/articles/142795...

https://www.malwarebytes.com/secure/cves/cve-2023-26088

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 23, 2023
Vulnerability Reserved
Feb 20, 2023

CVE-2023-26088 Data

JSON