CVE-2026-1880 | THREATINT

Description

An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows the altered resource to pass system checks and be executed with elevated privileges upon a user-initiated update. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.

PUBLISHED Reserved 2026-02-04 | Published 2026-04-16 | Updated 2026-04-16 | Assigner ASUS

MEDIUM: 5.4CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

Product status

Default status

unaffected

Any version before 1.0.6.12

affected

References

www.asus.com/security-advisory

cve.org (CVE-2026-1880)

nvd.nist.gov (CVE-2026-1880)

Download JSON