CVE-2026-4415

Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.twcert.org.tw/en/cp-139-10804-689cd-2.html	Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-10803-ae014-1.html	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gigabyte:control_center:*:*:*:*:*:*:*:*

History

08 Apr 2026, 19:25

Type	Values Removed	Values Added
CPE		cpe:2.3:a:gigabyte:control_center::::::::
CWE		CWE-787
First Time		Gigabyte control Center Gigabyte
References	~~() https://www.twcert.org.tw/en/cp-139-10804-689cd-2.html -~~	() https://www.twcert.org.tw/en/cp-139-10804-689cd-2.html - Third Party Advisory
References	~~() https://www.twcert.org.tw/tw/cp-132-10803-ae014-1.html -~~	() https://www.twcert.org.tw/tw/cp-132-10803-ae014-1.html - Third Party Advisory
Summary		(es) Gigabyte Control Center desarrollado por GIGABYTE tiene una vulnerabilidad de escritura de archivos arbitrarios. Cuando la función de emparejamiento está habilitada, atacantes remotos no autenticados pueden escribir archivos arbitrarios en cualquier ubicación del sistema operativo subyacente, lo que lleva a la ejecución de código arbitrario o a la escalada de privilegios.

30 Mar 2026, 08:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-30 08:16

Updated : 2026-04-08 19:25

NVD link : CVE-2026-4415

Mitre link : CVE-2026-4415

CVE.ORG link : CVE-2026-4415

JSON object : View

Products Affected

gigabyte

control_center

CWE

CWE-23

Relative Path Traversal

CWE-787

Out-of-bounds Write

{"id": "CVE-2026-4415", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "twcert@cert.org.tw", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-30T08:16:18.107", "references": [{"url": "https://www.twcert.org.tw/en/cp-139-10804-689cd-2.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-10803-ae014-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-23"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation."}, {"lang": "es", "value": "Gigabyte Control Center desarrollado por GIGABYTE tiene una vulnerabilidad de escritura de archivos arbitrarios. Cuando la funci\u00f3n de emparejamiento est\u00e1 habilitada, atacantes remotos no autenticados pueden escribir archivos arbitrarios en cualquier ubicaci\u00f3n del sistema operativo subyacente, lo que lleva a la ejecuci\u00f3n de c\u00f3digo arbitrario o a la escalada de privilegios."}], "lastModified": "2026-04-08T19:25:28.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gigabyte:control_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFB45D7A-5C36-435B-ABCB-7A89DCC760AA", "versionEndExcluding": "25.12.10.01"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}