Skip to main content

Bitdefender Total Security CVE-2026-6851

| EUVDEUVD-2026-43632 HIGH
Improper Link Resolution Before File Access (CWE-59)
2026-07-14 Bitdefender GHSA-f943-xhh7-7c5g
7.0
CVSS 4.0 · Vendor: Bitdefender
Share

Severity by source

Vendor (Bitdefender) PRIMARY
7.0 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.7 MEDIUM

Local low-priv attacker (AV:L/PR:L) must win a symlink TOCTOU race (AC:H) and needs the shred operation triggered (UI:R), yielding full local C/I/A impact without scope change.

3.1 AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Bitdefender).

CVSS VectorVendor: Bitdefender

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

3
Patch available
Jul 14, 2026 - 11:17 EUVD
Analysis Generated
Jul 14, 2026 - 08:15 vuln.today
CVE Published
Jul 14, 2026 - 07:11 cve.org
HIGH 7.0

DescriptionCVE.org

An Improper link resolution before file access ('link following') vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links.

This issue affects Total Security: before 27.0.58.315; Internet Security: before 27.0.58.315.

AnalysisAI

Local privilege escalation in Bitdefender Total Security and Internet Security for Windows (versions before 27.0.58.315) lets a less-privileged local user gain higher rights by abusing a symbolic-link race condition in the File Shredder module. Because the shredder operates with elevated privileges and does not safely resolve links before acting on files, an attacker who wins a time-of-check/time-of-use race can redirect a privileged file operation to a target of their choosing. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain low-privileged local logon
Delivery
Plant directory and prepare symlink swap
Exploit
Trigger privileged File Shredder operation
Execution
Win TOCTOU race redirecting to protected target
Persist
Overwrite/delete elevated file
Impact
Escalate privileges on host

Vulnerability AssessmentAI

Exploitation Exploitation requires local access to the Windows host as a less-privileged user (PR:L) and requires the privileged File Shredder module to act on an attacker-influenced path, with user interaction (UI:P) to trigger the shred operation. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H, base 7.0 High) is internally consistent with a local, low-privilege attacker who needs to win a race and requires user interaction to trigger the privileged shred operation, but achieves high impact to confidentiality, integrity and availability of the local system. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged user on a shared Windows workstation stages a directory and prepares to swap a benign file for a symbolic link pointing at a protected system file. When the privileged File Shredder operation runs against that path, the attacker wins the race and redirects the elevated delete/overwrite to their chosen target, corrupting or removing a protected resource to escalate privileges. …
Remediation Vendor-released patch: update Bitdefender Total Security and Internet Security to version 27.0.58.315 or later; these products auto-update by default, so verify the installed engine/product version and force an update check on managed endpoints. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: conduct a complete inventory of all Windows endpoints running Bitdefender versions before 27.0.58.315, documenting specific versions and identifying systems handling sensitive data. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2017-5005 CRITICAL POC
9.8 Jan 02

Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlie

CVE-2015-8285 HIGH POC
7.5 Apr 20

The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service. Rated high severity (CVSS

CVE-2018-10018 HIGH POC
8.8 Jul 13

The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a lo

CVE-2025-69875 HIGH POC
7.8 Feb 03

A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient val

CVE-2019-9742 HIGH POC
7.5 Mar 13

gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attacker to bypass ACLs because Interpreted Device Char

CVE-2014-9643 HIGH POC
7.2 Feb 06

K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users

CVE-2020-27587 MEDIUM POC
6.7 Nov 30

Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vau

CVE-2019-15689 MEDIUM POC
6.7 Dec 02

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to ve

CVE-2017-8773 CRITICAL
9.8 May 04

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 a

CVE-2017-8775 CRITICAL
9.8 May 04

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 a

CVE-2017-8774 CRITICAL
9.8 May 04

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 a

CVE-2020-27586 MEDIUM POC
5.9 Nov 30

Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text. Rated medium severi

Share

CVE-2026-6851 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy