PatchSiren cyber security CVE debrief
CVE-2026-12193 VS Revo CVE debrief
A high-severity vulnerability, CVE-2026-12193, was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The vulnerability is caused by a heap-based buffer overflow in the IOCtl_Handler function within the RevoDetector.sys library. This issue can be exploited locally, and a public exploit is available. To mitigate this vulnerability, users are advised to upgrade to version 2.7.0.
- Vendor: VS Revo
- Product: RevoUninstaller
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of VS Revo RevoUninstaller 2.5.x/2.6.x should be aware of this vulnerability and take steps to upgrade to a fixed version.
Technical summary
The vulnerability is caused by a heap-based buffer overflow in the IOCtl_Handler function within the RevoDetector.sys library of VS Revo RevoUninstaller 2.5.x/2.6.x. This issue has a CVSS score of 7.1 and is classified as HIGH severity.
Defensive priority
High
Recommended defensive actions
- Upgrade to version 2.7.0 of VS Revo RevoUninstaller to fix this issue.
Evidence notes
The CVE record and NVD detail can be found at [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-12193) and [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-12193), respectively.
Official resources
CVE-2026-12193 was published on 2026-06-15T00:16:43.350Z and has not been modified since then.