CVE-2022-26523

MEDIUM EXPLOITED RANSOMWARE

Avast/AVG Anti Rootkit Driver <22.1 - Memory Corruption

Title source: llm

Exploitation Summary

CVE-2022-26523 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns.

Description

The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) due to a double fetch vulnerability at aswArPot+0xbb94.

Scores

CVSS v3 5.3
EPSS 0.0025
EPSS Percentile 16.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2022-12-05
Ransomware Use Confirmed
CWE CWE-400
Status published
Published May 08, 2026
Tracked Since May 08, 2026