CVE-2026-6851
HIGH
7.0
CVSS 4.0
Description
An Improper link resolution before file access ('link following') vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links.
This issue affects Total Security: before 27.0.58.315; Internet Security: before 27.0.58.315.
Metadata
Severity & Metrics
7.0
HIGH CVSS 4.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products (2)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Bitdefender | Internet Security | Windows | 0 < 27.0.58.315 |
| Bitdefender | Total Security | Windows | 0 < 27.0.58.315 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-59 | cna | CWE-59 Improper link resolution before file access ('link following') |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 7.0 | HIGH | 4.0 | cna | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
References (1)