CVE-2026-8920

Summary

Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On specific models , this can also cause a single feature to become unavailable . Refer to the ' Security Update for Aura Wallpaper Service ' section on the ASUS Security Advisory for more information.

Affected Software

VendorProductVersion RangeStatus
ASUSAura Wallpaper Servicev2.1.8.0 <= v2.1.15.0affected

Weaknesses

  • CWE-923: CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
  • CWE-73: CWE-73: External Control of File Name or Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References