216.73.216.86

CVE-2026-1880

· Published 16/04/2026 03:16 · Modified 17/04/2026 15:17

Labels: CVE-2026-1880 2026-04-1654bf65a7-a193-42d2-b1ba-8e150d3c35e1CVE-2026-1880CWE-367

Essential information

Published
16/04/2026 03:16
Modified
17/04/2026 15:17
Author
Creator
CVSS
5.4 MEDIUM (v3) 5.4 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows the altered resource to pass system checks and be executed with elevated privileges upon a user-initiated update. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
54bf65a7-a193-42d2-b1ba-8e150d3c35e1
NVD
View on NVD

Affected products (CPE)

ProductCPE
asus / driverhub cpe:2.3:a:asus:driverhub:*:*:*:*:*:*:*:*

References