DLL Hijacking Vulnerability in AVACAST by eMPIA Technology
CVE-2026-7279

8.5HIGH

Key Information:

Vendor: Empia Technology
Status: Avacast
Vendor: CVE Published:; 28 April 2026

🔔 Create Empia Technology Vulnerability Alert

What is CVE-2026-7279?

The AVACAST software developed by eMPIA Technology is vulnerable to a DLL Hijacking attack. This vulnerability permits authenticated local attackers to inject a malicious dynamic link library (DLL) into a specific directory. When the system attempts to load the legitimate DLL, it inadvertently executes the malicious code with elevated system privileges, potentially leading to severe security breaches. Users and administrators should ensure that they are utilizing the latest updates and review security configurations to mitigate the risk posed by this vulnerability.

Affected Version(s)

AVACAST 0 <= 5.10.10.43

References

https://www.twcert.org.tw/tw/cp-132-10884-f9c21-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10885-02d83-2.html

third-party-advisory

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2026
Vulnerability Reserved
Apr 28, 2026

CVE-2026-7279 Data

JSON