Skip to main content
ZDI-CAN-28680 HIGH 7.8 Overdue Feb 12, 2026

Gen Digital

Gen Digital, known for Norton antivirus and LifeLock identity protection services, has a high-severity local privilege escalation vulnerability (CVSS 7.8) that requires low-level user access but no additional authentication to achieve complete system compromise including data theft and integrity violations. The vulnerability can be exploited directly by an authenticated local attacker without user interaction, making it particularly dangerous in multi-user environments or systems with guest accounts. Security teams should monitor for patches expected by June 2026 and prioritize this update for systems where local user access cannot be strictly controlled.

Advisory Details
Researcher Anonymous
Reported February 12, 2026
Deadline June 12, 2026 35d overdue
CVSS Vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy