CVE-2026-4415 | THREATINT

Description

Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation.

PUBLISHED Reserved 2026-03-19 | Published 2026-03-30 | Updated 2026-03-31 | Assigner twcert

CRITICAL: 9.2CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-23 Relative path traversal

Product status

Default status

unaffected

Any version

affected

References

www.twcert.org.tw/tw/cp-132-10803-ae014-1.html third-party-advisory

www.twcert.org.tw/en/cp-139-10804-689cd-2.html third-party-advisory

cve.org (CVE-2026-4415)

nvd.nist.gov (CVE-2026-4415)

Download JSON