Skip to main content

Glary Utilities

2 CVEs product

Monthly

CVE-2026-15684 HIGH This Week

Local privilege escalation in Glarysoft Glary Utilities lets an already-present low-privileged attacker abuse the Disk Clean feature to delete arbitrary files and ultimately execute code as SYSTEM. Discovered and reported through the Zero Day Initiative (ZDI-26-402, ZDI-CAN-27004), it stems from the privileged cleanup service following filesystem junctions (CWE-59) planted by the attacker. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but ZDI-sourced advisories are typically high-fidelity and reproducible.

RCE Privilege Escalation Glary Utilities
NVD
CVSS 3.0
7.3
EPSS
0.1%
CVE-2018-0619 HIGH This Week

Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Glary Utilities
NVD
CVSS 3.0
7.8
EPSS
0.8%
EPSS 0% CVSS 7.3
HIGH This Week

Local privilege escalation in Glarysoft Glary Utilities lets an already-present low-privileged attacker abuse the Disk Clean feature to delete arbitrary files and ultimately execute code as SYSTEM. Discovered and reported through the Zero Day Initiative (ZDI-26-402, ZDI-CAN-27004), it stems from the privileged cleanup service following filesystem junctions (CWE-59) planted by the attacker. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but ZDI-sourced advisories are typically high-fidelity and reproducible.

RCE Privilege Escalation Glary Utilities
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Glary Utilities
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy