Skip to main content

GameFirst Anti-Cheat CVE-2026-12166

| EUVDEUVD-2026-41377 MEDIUM
2026-07-02 certcc GHSA-rp8q-7vcj-j55j
5.5
CVSS 3.1 · Vendor: certcc
Share

Severity by source

Vendor (certcc) PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local kernel driver crash only; PR:L because standard users can reach the driver via IOCTL; no confidentiality or integrity impact applies.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (certcc).

CVSS VectorVendor: certcc

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jul 02, 2026 - 18:23 vuln.today
CVSS changed
Jul 02, 2026 - 18:22 NVD
5.5 (MEDIUM)
CVE Published
Jul 02, 2026 - 14:36 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

A NULL pointer dereference vulnerability for driver GFAC_Sys_x64.sys in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash.

AnalysisAI

NULL pointer dereference in the GFAC_Sys_x64.sys kernel driver of Little Orbit's GameFirst Anti-Cheat enables a local low-privileged attacker to crash the entire Windows system by sending crafted requests to the driver. All versions released up to 2025-07-07 are affected per EUVD-2026-41377. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local low-privilege user session
Delivery
Identify running GFAC_Sys_x64.sys driver
Exploit
Send crafted IOCTL requests to kernel driver
Execution
Trigger NULL pointer dereference in ring-0
Impact
Cause immediate kernel panic and system crash (BSOD)

Vulnerability AssessmentAI

Exploitation Exploitation requires an interactive local session or existing code execution on the target Windows system with at least standard (low-privilege) user credentials - confirmed by the CVSS vector PR:L and AV:L. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H scores 5.5 (Medium), reflecting a local, low-complexity, low-privilege attack with high availability impact confined to the affected host (S:U). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user on a Windows gaming machine with GameFirst Anti-Cheat installed crafts malformed IOCTL requests and submits them to the GFAC_Sys_x64.sys kernel driver using the public PoC available at https://github.com/FzRsLLaSheR/CVE-2026-12166_CVE-2026-12167_CVE-2026-12168. The driver's failure to validate the request triggers a NULL pointer dereference in kernel space, causing an immediate Blue Screen of Death and forcing a system reboot. …
Remediation No specific patched version number has been identified in the available data, so a vendor-confirmed fix version cannot be cited. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-12166 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy