CVE-2026-7832 - Vulnerability Details

- IObit Advanced SystemCare Service ASC.exe symlink

Description

A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attacking locally is a requirement. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks.

Published: 2026-05-05

Score: 7.3 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in the ASC.exe component of IObit Advanced SystemCare allows a local attacker to manipulate the process so that it follows symbolic links. This can lead to unauthorized file access or modification, effectively enabling a privilege escalation or potentially arbitrary code execution, depending on how the symlink is exploited. The vulnerability is described as high‑complexity and difficult to exploit, yet the exploit code has already been released to the public, indicating that capable attackers could attempt the attack.

Affected Systems

IObit Advanced SystemCare, version 19, on Windows platforms. The exact product component is the Service module of ASC.exe. No other versions or components are listed as affected; therefore the scope is limited to this specific build of the software.

Risk and Exploitability

The CVSS score of 7.3 places this vulnerability in the high‑severity range, but the lack of an EPSS rating and its absence from the CISA KEV catalog suggest that large‑scale exploitation is not currently widespread. Because local privilege is required, the attack vector is limited to users who have a local account with sufficient rights to interact with the ASC.exe process. Overall, the risk is moderate to high for environments where the software is installed with elevated privileges or where local users can influence the application.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

IObit

Advanced SystemCare

affected

Version	Status	Constraints
`19`	affected	—

No data.

Vendor Product Confidence Versions

Iobit

Advanced Systemcare

95%

Version	Status	Scheme	Platform
`19`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check the IObit website or support portal for an updated version of Advanced SystemCare that addresses the ASC.exe symlink issue and install it immediately.
Configure file and system permissions so that only trusted privileged accounts can write or modify the ASC.exe directory, thereby preventing local users from creating malicious symbolic links.
If a patch is not yet available, consider removing or disabling the vulnerable component or restricting the user accounts that can execute Advanced SystemCare on the affected systems.

Generated by OpenCVE AI on May 5, 2026 at 13:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity High

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

No EPSS score available.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/usernameone101/Writeups/blob/main/IObit%20Zero%20Day%20(Updated%20v2).pdf
https://vuldb.com/submit/797630
https://vuldb.com/vuln/361111
https://vuldb.com/vuln/361111/cti

History

Tue, 05 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 05 May 2026 12:45:00 +0000

Type	Values Removed	Values Added
Description		A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attacking locally is a requirement. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks.
Title		IObit Advanced SystemCare Service ASC.exe symlink
First Time appeared		Iobit Iobit advanced Systemcare
Weaknesses		CWE-59 CWE-61
CPEs		cpe:2.3:a:iobit:advanced_systemcare::::::::
Vendors & Products		Iobit Iobit advanced Systemcare
References		https://github.com/usernameone101/Writeups/blob/main/IObit%20Zero%20Day%20(Updated%20v2).pdf https://vuldb.com/submit/797630 https://vuldb.com/vuln/361111 https://vuldb.com/vuln/361111/cti
Metrics		cvssV2_0 `{'score': 6, 'vector': 'AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Iobit Advanced Systemcare

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-05T12:15:09.652Z

Updated: 2026-05-05T14:12:10.334Z

Reserved: 2026-05-05T05:56:24.243Z

Link: CVE-2026-7832

Vulnrichment

Updated: 2026-05-05T13:56:51.884Z

NVD

Status : Deferred

Published: 2026-05-05T13:16:31.223

Modified: 2026-05-05T19:09:32.000

Link: CVE-2026-7832

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T14:30:25Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity High

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object