CVE-2026-7280 - Vulnerability Details - OpenCVE

AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitrary code execution with system privileges when the AVACAST service starts.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.twcert.org.tw/en/cp-139-10885-02d83-2.html
https://www.twcert.org.tw/tw/cp-132-10884-f9c21-1.html

History

Tue, 28 Apr 2026 10:00:00 +0000

Type	Values Removed	Values Added
Description		AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitrary code execution with system privileges when the AVACAST service starts.
Title		eMPIA Technology｜AVACAST - Unquoted Service Path
Weaknesses		CWE-428
References		https://www.twcert.org.tw/en/cp-139-10885-02d83-2.html https://www.twcert.org.tw/tw/cp-132-10884-f9c21-1.html
Metrics		cvssV3_1 `{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2026-04-28T09:46:52.882Z

Updated: 2026-04-28T09:46:52.882Z

Reserved: 2026-04-28T06:55:28.885Z

Link: CVE-2026-7280

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-28T10:16:04.263

Modified: 2026-04-28T10:16:04.263

Link: CVE-2026-7280

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7280", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2026-04-28T06:55:28.885Z", "datePublished": "2026-04-28T09:46:52.882Z", "dateUpdated": "2026-04-28T09:46:52.882Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2026-04-28T09:46:52.882Z"}, "title": "eMPIA Technology\uff5cAVACAST - Unquoted Service Path", "datePublic": "2026-04-28T09:41:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-428", "description": "CWE-428 Unquoted search path or element", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "affected": [{"vendor": "eMPIA Technology", "product": "AVACAST", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "5.10.10.43", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitrary code execution with system privileges when the AVACAST service starts.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitrary code execution with system privileges when the AVACAST service starts."}]}], "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-10884-f9c21-1.html", "tags": ["third-party-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-10885-02d83-2.html", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "solutions": [{"lang": "en", "value": "Update to version 5.10.10.45 or later.", "supportingMedia": [{"type": "text/html", "base64": false, "value": " Update to version 5.10.10.45 or later."}]}], "source": {"advisory": "TVN-202604011", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitrary code execution with system privileges when the AVACAST service starts."}], "id": "CVE-2026-7280", "lastModified": "2026-04-28T10:16:04.263", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2026-04-28T10:16:04.263", "references": [{"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/en/cp-139-10885-02d83-2.html"}, {"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/tw/cp-132-10884-f9c21-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}