Local Privilege Escalation in Avast Premium Security (CVE‑2026‑5424) Threatens Endpoint Integrity
What It Is – A newly disclosed vulnerability (CVE‑2026‑5424) in the Gen Self‑Protection driver of Avast Premium Security allows a local attacker to invoke an exposed dangerous function and elevate privileges to SYSTEM.
Exploitability – The flaw is locally exploitable once an adversary can run low‑privileged code. No public exploit code has been released, but the CVSS 7.8 rating (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), which reflects low attack complexity, low required privileges and no user interaction, indicates a high likelihood of successful exploitation in the wild.
Affected Products – Avast Premium Security (all versions prior to 26.3).
TPRM Impact – The driver runs with kernel‑level rights; a compromise can bypass the very security controls an organization relies on, potentially giving attackers unfettered access to corporate networks, data stores, and other third‑party services.
Recommended Actions –
- Deploy the vendor‑provided patch (version 26.3) immediately.
- Verify that all endpoints running Avast Premium Security are updated via centralized patch‑management.
- Enforce strict least‑privilege policies for any code that can execute on user workstations.
- Conduct a focused audit of endpoint logs for anomalous SYSTEM‑level activity.
- Re‑evaluate the use of third‑party endpoint protection in high‑risk environments until remediation is confirmed.
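
One way to carry out the version verification step above, as an added example that is not part of the original advisory or any vendor tooling: it reads an endpoint inventory export and flags hosts still below the fixed release 26.3. The CSV column names, host names and version strings are constructed assumptions, not the output of a specific patch-management product.

```python
import csv
import io

FIXED = (26, 3)  # first fixed release, per the advisory
PRODUCT = "Avast Premium Security"

# Constructed sample export; column names and hosts are assumptions,
# not the format of any particular patch-management tool.
SAMPLE_INVENTORY = """hostname,product,version
ws-001,Avast Premium Security,26.3.0
ws-002,Avast Premium Security,26.2.9999
ws-003,Avast Premium Security,26.10.1
ws-004,Avast Premium Security,25.12
ws-005,Avast Premium Security,
ws-006,Other Endpoint Agent,1.0
ws-007,avast premium security,26.3-beta
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None if it cannot be parsed."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None  # empty, suffixed or otherwise non-numeric component
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unverified hosts are never counted as patched
    # Numeric tuple comparison: 26.10 sorts after 26.3, which a plain
    # string comparison would get wrong, and 26.3 equals the fixed release.
    return "patched" if version >= FIXED else "vulnerable"

def audit(csv_text):
    """Map each host running the product to its patch status."""
    results = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("product") or "").strip().lower() != PRODUCT.lower():
            continue  # other software is out of scope for this check
        results[row["hostname"]] = classify(row.get("version") or "")
    return results

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{status}")
```

Hosts reported as "unknown" need manual follow-up, since a missing or unparsable version does not confirm that the patch is installed.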