CVE-2026-58583
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| FluxInk | Color Management Driver | 0 < 1.0.7.6 | affected |
| FluxInk | Color Management Driver | 1.0.7.6 | unaffected |
Weaknesses
- CWE-269: CWE-269 Improper Privilege Management
References
- https://github.com/b3s3da/TcnPeripheral64_PoC/security/advisories/GHSA-x4rw-h4v2-v83h
- https://github.com/b3s3da/TcnPeripheral64_PoC
- https://www.cve.org/CVERecord?id=CVE-2026-58583
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-188-01.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.