CVE-2026-7832

HIGH

IObit Advanced SystemCare Service ASC.exe symlink

Title source: cna

Description

A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attacking locally is a requirement. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks.

References (4)

Core 4

Core References

Vdb Entry vdb-entry

VDB-361111 | IObit Advanced SystemCare Service ASC.exe symlink

https://vuldb.com/vuln/361111

Signature, Permissions Required signature permissions-required

VDB-361111 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/361111/cti

Third Party Advisory third-party-advisory

Submit #797630 | IObit Advanced SystemCare 19 Link Following

https://vuldb.com/submit/797630

Patch exploit patch

https://github.com/usernameone101/Writeups/blob/main/IObit%20Zero%20Day%20(Updated%20v2).pdf

View Patch ZIP pw:eip

Scores

CVSS v3 7.0

EPSS 0.0013

EPSS Percentile 3.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-59 CWE-61

Status published

Products (1)

IObit/Advanced SystemCare 19

Published May 05, 2026

Tracked Since May 05, 2026