Back to overview

CVE-2026-6851

HIGH
7.0
CVSS 4.0
Description
An Improper link resolution before file access ('link following') vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue affects Total Security: before 27.0.58.315; Internet Security: before 27.0.58.315.

Metadata

CVE ID
CVE-2026-6851
State
PUBLISHED
Assigner
Bitdefender
Reserved
2026-04-22 10:06 UTC
Published
2026-07-14 07:11 UTC
Last updated
2026-07-14 07:12 UTC
Primary CWE
CWE-59
CWE-59 Improper link resolution before file access ('link fo…
Vendor / Product
Bitdefender / Total Security
Sources
cve.org  ·  NVD

Severity & Metrics

7.0 HIGH CVSS 4.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products (2)
VendorProductPlatformVersions
Bitdefender Internet Security Windows 0 < 27.0.58.315
Bitdefender Total Security Windows 0 < 27.0.58.315
Weakness (CWE)
CWESourceDescription
CWE-59 cna CWE-59 Improper link resolution before file access ('link following')
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.0 HIGH 4.0 cna CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Back to overview