CVE-2022-26522

HIGH EXPLOITED RANSOMWARE

Avast/AVG Anti Rootkit Driver <22.1 - Memory Corruption

Title source: llm

Exploitation Summary

CVE-2022-26522 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns.

Description

The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) due to a double fetch vulnerability at aswArPot+0xc4a3.

References (2)

Core 2

Core References

https://www.avast.com/bug-bounty

https://www.sentinelone.com/labs/vulnerabilities-in-avast-and-avg-put-millions-at-risk/

Scores

CVSS v3 7.8

EPSS 0.0022

EPSS Percentile 12.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

VulnCheck KEV 2022-12-05

Ransomware Use Confirmed

CWE

CWE-367

Status published

Published May 08, 2026

Tracked Since May 08, 2026