Primary

Context

Malwarebytes and Nebula Race Condition Vulnerability Leading to Code Execution

Vulnerability

Patched

A race condition vulnerability allowing code execution has been identified in Malwarebytes versions prior to 4.6.14.326 and 5.1.5.116, as well as in the Nebula platform 2020-10-21 and later. The issue arises from a lack of synchronization between file verification and execution processes, creating a time-of-check/time-of-use vulnerability.

Impact

Exploitation of this vulnerability allows for unauthorized code execution on the affected system.

Remediation

Users are advised to upgrade to Malwarebytes versions 4.6.14.326 or later, 5.1.5.116 or later, or to the Nebula platform version available in June 2024. For Nebula, ensure the Endpoint Agent version is 2.0.0.64 or later and the Protection Service version is 4.6.17.334 or later.

Added: Aug 14, 2025, 7:02 PM

Updated: Aug 14, 2025, 7:02 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

10.0

exploitability

2.9

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

10.0

exploitability

2.9

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Malwarebytes and Nebula Race Condition Vulnerability Leading to Code Execution

Vulnerability

Impact

Remediation

Affected Products

Malwarebytes

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating