CVE-2026-8049

CVSS 5.3 MEDIUMEPSS 0.1%

In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issue privileged IOCTLs.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Produtos afetados

SignalRGB · SignalRGB kernel driver

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://kb.cert.org/vuls/id/380058