216.73.217.98

CVE-2026-8049

· Published 18/06/2026 00:16 · Author: The MITRE Corporation

Labels: CVE-2026-8049 2026-06-17CVE-2026-8049[email protected]

Essential information

Published
18/06/2026 00:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
5.3 MEDIUM (v3.1)
CISA KEV
No
CWE
EPSS (First)
P2.9% ?EPSS percentile: rank of this vulnerability versus all others. Higher percentile = more likely to be exploited. Learn more (score 0.00129)
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS metrics

Description

In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issue privileged IOCTLs.

NVD status

NVD
View on NVD