CVE-2026-4415
9.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| GIGABYTE | Gigabyte Control Center | 0 <= 25.07.21.01 | affected |
Weaknesses
- CWE-23: CWE-23 Relative path traversal
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.twcert.org.tw/tw/cp-132-10803-ae014-1.html
- https://www.twcert.org.tw/en/cp-139-10804-689cd-2.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.