CRITICAL🇵🇱 Wersja polska

CVE-2026-4415

CVSS 9.2v4.0pub. 2026-03-30upd. 2026-04-08

Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Gigabyte Control Center

    APP
    Gigabyte
    < 25.12.10.01
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCELPE
CWE
References

Related vulnerabilities

CVE-2018-19323CRITICAL9.8⚠ KEVten sam vendor

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTRE...

CVE-2017-3198CRITICAL9.8ten sam vendor

GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. ...

CVE-2017-3197CRITICAL9.8ten sam vendor

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does no...

CVE-2018-19321HIGH7.8⚠ KEVten sam vendor

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE befo...

CVE-2018-19320HIGH7.8⚠ KEVten sam vendor

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTRE...