CVE-2026-12166

Summary

A NULL pointer dereference vulnerability for driver GFAC_Sys_x64.sys in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash.

Affected Software

VendorProductVersion RangeStatus
Little OrbitGameFirst Anti-Cheat0 <= 2025-07-07affected

Weaknesses

  • CWE-476 NULL Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References