This page aggregates publicly disclosed CVE and security risk information related to clamxav, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-24245 | An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component. | [email protected] | 7.8 | 0.14% | 2024-04-09 | 2025-05-13 |
| CVE-2020-26893 | An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool. | [email protected] | 7.8 | 0.04% | 2020-10-16 | 2024-11-21 |