CVE-2026-4415

Published Mar 30, 2026

Last updated 15 days ago

CVSS critical 9.2
Supply chain

Overview

Description
Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation.
Source
twcert@cert.org.tw
NVD status
Analyzed
Products
control_center

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.2
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

twcert@cert.org.tw
CWE-23
nvd@nist.gov
CWE-787

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2.CVE-2026-5735
  2. Fortinet FortiClient EMS Improper Access Control VulnerabilityCVE-2026-35616
  3. Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.CVE-2026-2701
  4. Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.CVE-2026-2699
  5. TrueConf Client Download of Code Without Integrity Check VulnerabilityCVE-2026-3502

References

Sources include official advisories and independent security research.