CVE-2026-12201

IObit Malware Fighter DLL permission

CVSS 4.8 MEDIUMEPSS 0.1%CWE-266 CWE-275

A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected products

IObit · Malware Fighter

public PoCs found — 1

cve_referencenathan2.com/posts/iobit/unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/nasawyer7/IObitDriverav https://nathan2.com/posts/iobit/https://vuldb.com/cve/CVE-2026-12201 https://vuldb.com/submit/829913 https://vuldb.com/vuln/370844 https://vuldb.com/vuln/370844/cti