Description
In Malwarebytes before 4.5.23, a symbolic link may be used to delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios.
References (2)
Core References
Release Notes: https://support.malwarebytes.com/hc/en-us/articles/14279575968659-Malwarebytes-for-Windows-4-5-23-Release-Notes
Vendor Advisory: https://www.malwarebytes.com/secure/cves/cve-2023-26088
Scores
CVSS v3: 7.8
EPSS: 0.0047
EPSS Percentile: 37.2%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-59
Status: published
Products (1)
malwarebytes/malwarebytes: < 4.5.23
Published: Mar 23, 2023
Tracked Since: Feb 18, 2026