Vulnerability DatabaseCVE-2023-26088

CVE-2023-26088:
Homebrew vulnerability analysis and mitigation

Overview

CVE-2023-26088 affects Malwarebytes versions before 4.5.23, discovered and disclosed in March 2023. The vulnerability exists in the local quarantine system of Malwarebytes for Windows, where a symbolic link can be exploited to delete arbitrary files on the system (NVD, Malwarebytes Advisory).

Technical details

The vulnerability is classified with a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. It is categorized under CWE-59 (Improper Link Resolution Before File Access) and requires local access to exploit. The vulnerability specifically involves the local quarantine system's handling of symbolic links (NVD).

Impact

The vulnerability can lead to arbitrary file deletion on the affected system and potential privilege escalation in certain scenarios. This gives attackers with local access the ability to delete any file on the system by exploiting the quarantine system's symbolic link handling (Malwarebytes Advisory).

Mitigation and workarounds

The recommended mitigation is to upgrade affected endpoints to Malwarebytes version 4.5.23 or later, which contains the patch for this vulnerability (Release Notes).

Additional resources

Source: This report was generated using AI

Related Homebrew vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-57052	CRITICAL	9.8	NixOS	cjson	No	Yes	Sep 03, 2025
CVE-2025-8614	HIGH	7.8	Homebrew	cpe:2.3:a:nomachine:nomachine	No	Yes	Sep 02, 2025
CVE-2025-9784	HIGH	7.5	Java	pki-resteasy	No	No	Sep 02, 2025
CVE-2025-51966	MEDIUM	6.1	Homebrew	utools	No	No	Sep 02, 2025
CVE-2025-9732	MEDIUM	4.8	NixOS	dcmtk	No	No	Aug 31, 2025