Researchers at endpoint security firm SentinelOne have discovered two potentially serious vulnerabilities in antivirus products from Avast and AVG.
According to SentinelOne, the two vulnerabilities, tracked as CVE-2022-26522 and CVE-2022-26523, impacted both Avast and AVG antiviruses — Avast acquired AVG in 2016 and the flaws affect a shared anti-rootkit driver.
The security holes were reported to Avast in December and they were patched in February with the release of version 22.1.
Both SentinelOne and Avast said they have not seen any attacks exploiting these vulnerabilities.
“Avast and AVG users were automatically updated and are protected against any risk of exploitation, although we have not seen the vulnerabilities abused in the wild. We recommend our Avast and AVG users constantly update their software to the latest version to be protected,” Avast told SecurityWeek in a statement.
“Coordinated disclosure is an excellent way of preventing risks from manifesting into attacks, and we encourage participation in our bug bounty program,” the antivirus firm added.
However, SentinelOne pointed out that air-gapped or on-premises installations that are not automatically updated could still be vulnerable, and users have been advised to ensure that the patches are installed as soon as possible.
CVE-2022-26522 and CVE-2022-26523 appear to have been introduced with the release of Avast 12.1 in January 2012.
Considering that the flaws have been present in the Avast antivirus for a decade, SentinelOne estimates that millions of users were at risk, and warned that malicious actors could still seek out those users whose antiviruses may not have been updated.
SentinelOne has released technical details for both vulnerabilities, which have been rated “high severity” and which allow an attacker with limited privileges on the targeted system to execute code in kernel mode and take complete control of the device.
“Due to the nature of these vulnerabilities, they can be triggered from sandboxes and might be exploitable in contexts other than just local privilege escalation. For example, the vulnerabilities could be exploited as part of a second stage browser attack or to perform a sandbox escape, among other possibilities,” SentinelOne said.
The company added, “Among the obvious abuses of such vulnerabilities are that they could be used to bypass security products.”
Related: High-Severity Dell Driver Vulnerabilities Impact Hundreds of Millions of Devices
Related: Vulnerability Prompts Avast to Disable Emulator Used by Antivirus
Related: ESET Patches High-Severity Vulnerability in Windows Applications

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks
- 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component
- OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023
- Google Links More iOS, Android Zero-Day Exploits to Spyware Vendors
- ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation
- Thousands Access Fake DDoS-for-Hire Websites Set Up by UK Police
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Dole Says Employee Information Compromised in Ransomware Attack
Latest News
- Anti-Bot Software Firm DataDome Banks $42M Financing
- Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks
- 500k Impacted by Data Breach at Debt Buyer NCB
- Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks
- Why Endpoint Resilience Matters
- Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data
- 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component
- UK Introduces Mass Surveillance With Online Safety Bill
