Answer Brief
TWCERT/CC published a Taiwan Vulnerability Note (TVN-202604011) detailing two vulnerabilities affecting Herlin Digital Technology’s AVACAST for Windows versions 5.10.10.43 and earlier. The issues—DLL hijacking (CVE-2026-7279, CVSS 7.8 High) and an unquoted service path (CVE-2026-7280, CVSS 6.7 Medium)—could allow authenticated local attackers (and in the second case, a local admin) to execute code with SYSTEM privileges. TWCERT/CC recommends updating to AVACAST 5.10.10.45 or later.
Executive Summary: TWCERT/CC published a Taiwan Vulnerability Note (TVN-202604011) detailing two vulnerabilities affecting Herlin Digital Technology’s AVACAST for Windows versions 5.10.10.43 and earlier. The issues—DLL hijacking (CVE-2026-7279, CVSS 7.8 High) and an unquoted service path (CVE-2026-7280, CVSS 6.7 Medium)—could allow authenticated local attackers (and in the second case, a local admin) to execute code with SYSTEM privileges. TWCERT/CC recommends updating to AVACAST 5.10.10.45 or later.
Why It Matters
This Taiwan CERT advisory highlights two classic Windows local privilege escalation paths that remain operationally important for enterprise defenders because they can turn an initial foothold into full machine takeover.
According to TWCERT/CC, CVE-2026-7279 is a DLL hijacking issue: an authenticated local attacker can place a malicious DLL into a specific path so that when the system loads it, arbitrary code executes with SYSTEM privileges. CVE-2026-7280 is an unquoted service path weakness: a local attacker who already has administrative privileges can place a malicious executable in a particular path with a crafted name so that when the AVACAST service starts, the program runs as SYSTEM.
While both vulnerabilities are local (not remotely exploitable as described in the advisory), they matter in real-world intrusion chains because endpoint compromise often begins with low-privilege execution (phishing, drive-by installs, or abused legitimate tools) and then pivots to SYSTEM-level execution via misconfigurations and software weaknesses. For global security and infrastructure teams, the signal from TWCERT/CC is that Windows service hardening and secure DLL loading practices continue to be a cross-region risk, and regional software used in Taiwan-based enterprises can also appear in multinational environments through suppliers, subsidiaries, or shared IT stacks.
TWCERT/CC’s mitigation guidance is straightforward: organizations running AVACAST for Windows should update from 5.10.10.43 or earlier to 5.10.10.45 or later. The advisory credits vulnerability reporting to Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc.
Event Type: security
Importance: medium
Affected Companies
- GMO Cybersecurity by IERAE, Inc.
- Herlin Digital Technology (禾麟數碼科技)
- TWCERT/CC (Taiwan Computer Emergency Response Team/Coordination Center)
Affected Sectors
- Cybersecurity
- Enterprise Software
- IT Operations
- Windows Endpoint Security
Key Numbers
- TVN ID: TVN-202604011
- CVE: CVE-2026-7279
- CVSS (CVE-2026-7279): 7.8 (High) / AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CVE: CVE-2026-7280
- CVSS (CVE-2026-7280): 6.7 (Medium) / AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Affected versions: AVACAST (Windows) 5.10.10.43 and earlier (inclusive)
- Fixed version: Update to 5.10.10.45 or later (inclusive)
- Public disclosure date (TWCERT/CC): 2026-04-28
Timeline
- TWCERT/CC publishes TVN-202604011 covering CVE-2026-7279 and CVE-2026-7280; recommends upgrading AVACAST to 5.10.10.45+.