CVE-2026-8921

Summary

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information.

Affected Software

VendorProductVersion RangeStatus
ASUSASUS Business Manager0 <= v3.0.38.0affected

Weaknesses

  • CWE-73: CWE-73 External control of file name or path

References