Avast Premium Security Driver Flaw Allows Local Privilege Escalation to SYSTEM
A high-severity vulnerability in Avast Premium Security's Gen Self Protection driver lets local attackers with low-privileged code execution escalate privileges to SYSTEM.

A local privilege escalation vulnerability has been disclosed in Avast Premium Security, affecting the product's Gen Self Protection driver. Tracked as CVE-2026-5424 and published by the Zero Day Initiative on April 15, 2026, the flaw allows an attacker who already has low-privileged code execution on a target system to elevate their privileges to the highest level — SYSTEM. The vulnerability carries a CVSS score of 7.8, reflecting its serious impact on confidentiality, integrity, and availability.
The specific flaw resides within the Gen Self Protection driver, a component designed to safeguard Avast's own processes from tampering. According to the advisory, the issue stems from an exposed dangerous function that should not be accessible to unprivileged users. By exploiting this exposed function, an attacker can execute arbitrary code in the context of the SYSTEM account, effectively gaining full control over the affected machine.
Avast Premium Security is a widely used consumer antivirus suite, installed on millions of Windows systems globally. While the vulnerability requires an attacker to already have some form of low-privileged code execution on the target — for example, through a separate malware infection or a compromised user account — the escalation to SYSTEM privileges dramatically increases the potential damage. An attacker could disable security software, install persistent backdoors, steal sensitive data, or pivot to other systems on the same network.
The vulnerability was reported to Avast by researcher aviel zohar on April 1, 2026. The coordinated disclosure timeline shows a relatively swift response: the vendor released a fix in Avast Premium Security version 26.3, and the advisory was published just two weeks later on April 15. Users are strongly advised to update to version 26.3 or later to mitigate the risk. No in-the-wild exploitation has been reported at the time of disclosure.
This disclosure is part of a broader pattern of vulnerabilities in security software drivers. Because such drivers operate with kernel-level privileges, any flaw that exposes dangerous functionality can have severe consequences. Previous examples include flaws in drivers from other major antivirus vendors, such as McAfee and Symantec, which have similarly allowed privilege escalation. The incident underscores the importance of rigorous code review and sandboxing for security products themselves.
For users, the primary mitigation is straightforward: ensure that Avast Premium Security is updated to the latest version. The update can be applied automatically through the product's built-in update mechanism or by downloading the latest installer from the official Avast website. Organizations should also enforce the principle of least privilege on endpoints to limit the initial foothold an attacker can achieve, reducing the likelihood that a low-privileged compromise can be leveraged to exploit this or similar vulnerabilities.
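
To verify the mitigation above on an endpoint, the following PowerShell check compares the installed version against the fixed release, 26.3. It is an added example, not code from Avast or the advisory. It assumes the product registers under the standard Windows Uninstall registry keys with a DisplayName containing "Avast Premium Security" and a dotted DisplayVersion; the function name Test-AvastPatched is hypothetical.

```powershell
# Added example: flag Avast Premium Security installs older than the fixed version.
# Assumption: the product appears under the standard Uninstall keys with a
# DisplayName containing "Avast Premium Security" and a dotted DisplayVersion.
$FixedVersion = [version]'26.3'   # fixed release named in the article

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-AvastPatched {
    # Returns $true (patched), $false (older than the fix) or $null (unparseable).
    param(
        [string]$DisplayVersion,
        [version]$Minimum = $FixedVersion
    )
    # Keep only the leading dotted numeric part; tolerate suffixes or empty values.
    if ($DisplayVersion -notmatch '^\s*(\d+(\.\d+){1,3})') { return $null }
    return ([version]$Matches[1]) -ge $Minimum
}

$installs = Get-ItemProperty -Path $UninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Avast Premium Security*' }

if (-not $installs) {
    Write-Output 'Avast Premium Security not found in the Uninstall keys.'
}
else {
    $report = foreach ($i in $installs) {
        $patched = Test-AvastPatched -DisplayVersion ([string]$i.DisplayVersion)
        if     ($null -eq $patched) { $status = 'unknown version format' }
        elseif ($patched)           { $status = 'patched' }
        else                        { $status = 'VULNERABLE: update to 26.3 or later' }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Product  = $i.DisplayName
            Version  = $i.DisplayVersion
            Status   = $status
        }
    }
    $report | Format-Table -AutoSize
}
```

Entries reported as "unknown version format" should be checked by hand rather than treated as patched.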