CVE-2026-12201 | A flaw has been found in IObit Malware Fighter up to 13.2.0.… | CVSS 5.3 MEDIUM

Description

A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Metadata

CVE ID: CVE-2026-12201
State: PUBLISHED
Assigner: VulDB
Reserved: 2026-06-14 11:43 UTC
Published: 2026-06-15 00:30 UTC
Last updated: 2026-06-15 00:30 UTC
Primary CWE: CWE-275
Permission Issues
Vendor / Product: IObit / Malware Fighter
Sources: cve.org · NVD

Severity & Metrics

5.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Affected products (1)

Vendor	Product	Platform	Versions
IObit	Malware Fighter	—	13.0, 13.1, 13.2.0

Weakness (CWE)

CWE	Source	Description
CWE-266	cna	Incorrect Privilege Assignment
CWE-275	cna	Permission Issues

CVSS scores (4)

Score	Severity	Version	Source	Vector
5.3	MEDIUM	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
5.3	MEDIUM	3.0	cna	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
4.8	MEDIUM	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
4.3	N/D	2.0	cna	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

References (6)

VDB-370844 | IObit Malware Fighter DLL permission https://vuldb.com/vuln/370844
VDB-370844 | CTI Indicators (IOB, IOC, TTP) https://vuldb.com/vuln/370844/cti
CVE-2026-12201 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-12201
Submit #829913 | IObit Malware Fighter 13.2.0 Insecure Permissions in Driver https://vuldb.com/submit/829913
https://github.com/nasawyer7/IObitDriverav
https://nathan2.com/posts/iobit/