CVE-2026-15684 in Glary Utilitiesinfo

Summary

by MITRE • 07/14/2026

Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utilities. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the Disk Clean functionality. By creating a junction, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27004.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 07/14/2026

This vulnerability represents a critical local privilege escalation flaw in Glarysoft Glary Utilities that enables attackers to elevate their privileges from standard user level to SYSTEM level execution context. The vulnerability specifically resides within the Disk Clean functionality component of the software, making it accessible through legitimate administrative tools but exploitable by malicious actors who have already gained low-privileged access to the target system. The flaw stems from improper privilege handling and file system manipulation capabilities that allow unauthorized users to leverage existing service mechanisms for destructive operations.

The technical exploitation mechanism involves creating a symbolic link or junction point that manipulates how the Disk Clean functionality processes file operations. When the vulnerable component attempts to clean or delete files, it follows the maliciously created junction point and executes operations on unintended targets. This creates a path traversal scenario where attacker-controlled file paths are resolved through the junction mechanism, allowing arbitrary file deletion through legitimate service interfaces. The vulnerability operates under CWE-22 Path Traversal and CWE-73 Path Traversal, specifically targeting file system access controls and privilege boundaries.

The operational impact of this vulnerability is severe as it provides attackers with complete system compromise capabilities once they achieve initial low-privileged execution. The escalation to SYSTEM context means that malicious actors can execute arbitrary code with full administrative privileges, potentially leading to data exfiltration, system persistence mechanisms, or further network reconnaissance activities. This vulnerability directly aligns with ATT&CK technique T1068 Privilege Escalation and T1547 Local Persistence, as it enables both immediate privilege elevation and long-term system control through elevated access.

Security professionals should prioritize patch management for affected Glarysoft Glary Utilities installations, particularly in enterprise environments where multiple users may have access to systems. The vulnerability's exploitation requires initial low-privileged access, suggesting that defense-in-depth strategies including user access controls, application whitelisting, and regular security assessments can mitigate risk. Organizations should also implement monitoring for unusual file deletion patterns and junction point creation activities, as these operations may indicate attempted exploitation of similar privilege escalation vulnerabilities. System administrators must ensure that all third-party utilities undergo proper security assessment before deployment, particularly those with administrative functionality or service integration capabilities that could be abused for privilege escalation attacks.

Responsible

Zdi

Reservation

07/13/2026

Disclosure

07/14/2026

Moderation

accepted

CPE

ready

EPSS

0.00142

KEV

no

Activities

low

Sources

Do you need the next level of professionalism?

Upgrade your account now!