Medium severity6.7NVD Advisory· Published Apr 28, 2026· Updated Apr 28, 2026

CVE-2026-7280

Description

AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitrary code execution with system privileges when the AVACAST service starts.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.twcert.org.tw/en/cp-139-10885-02d83-2.htmlnvd
www.twcert.org.tw/tw/cp-132-10884-f9c21-1.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.436
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000