VYPR
researchPublished Jul 8, 2026· 1 source

Glarysoft Glary Utilities Suffers Local Privilege Escalation Flaw

A critical vulnerability in Glarysoft Glary Utilities allows local attackers to escalate privileges to SYSTEM by abusing a file deletion function.

The Zero Day Initiative (ZDI) has disclosed a significant local privilege escalation vulnerability, tracked as ZDI-26-402, affecting Glarysoft Glary Utilities. This flaw, which carries a CVSS score of 7.3, enables attackers who have already gained low-privileged access to a target system to elevate their privileges to the highest level, ultimately allowing for SYSTEM-level execution.

The vulnerability resides within the Disk Clean functionality of the Glary Utilities software. Attackers can exploit this by creating a symbolic link (junction) that tricks the application's service into deleting arbitrary files. This capability to manipulate file deletion operations is the core mechanism through which privilege escalation is achieved, granting attackers the ability to execute arbitrary code with SYSTEM privileges.

Exploitation requires an attacker to first possess the ability to run low-privileged code on the victim's machine. This prerequisite means the vulnerability is not directly exploitable remotely without prior access, but it poses a severe threat to systems where an attacker has already established a foothold, such as through malware infection or social engineering.

The disclosure timeline indicates a lengthy engagement between ZDI and the vendor. ZDI initially submitted the vulnerability report on May 29, 2025. Despite follow-ups and reminders, including a notification of intent to publish as a 0-day advisory on December 4, 2025, the vendor appears to have not released a patch in time for the coordinated public release on July 8, 2026.

Given the nature of the vulnerability, which involves abusing core file operations within the utility, the primary mitigation strategy recommended by ZDI is to restrict user interaction with the Glarysoft Glary Utilities product. This suggests that disabling the software or limiting its use, particularly the Disk Clean feature, is the most effective way to prevent exploitation until a proper patch is developed and deployed.

The vulnerability was discovered and reported by researchers Sharkkcode and Zeze from TeamT5, highlighting the ongoing efforts of security researchers to uncover flaws in widely used software.

This incident underscores the importance of timely patching and vendor responsiveness to security disclosures. While Glary Utilities aims to improve system performance, vulnerabilities within such tools can paradoxically lead to severe security compromises, turning a system optimization utility into a vector for complete system takeover.

Users and organizations relying on Glarysoft Glary Utilities are strongly advised to review their security posture, limit the software's usage, and monitor for any official security advisories or patches from Glarysoft. The lack of a vendor-provided fix at the time of public disclosure makes this a critical issue for affected users.

Synthesized by Vypr AI